PSA: macOS Sonoma and sudo biometrics

MrC · October 2023

FYI: macOS Sonoma makes it easier to retain enabled sudo biometrics across software updates. In previous versions, users were required to re-add an auth line to /etc/pam.d/sudo after every update.

The /etc/pam.d/sudo file now includes the file sudo_local:

auth       include        sudo_local

and a template file /etc/pam.d/sudo_local.template:

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
#auth       sufficient     pam_tid.so

Simply copy that file to /etc/pam.d/sudo_local and uncomment the auth line. This should survive system updates.