⚠️ I want to make it clear that you can cause yourself a lot of problems by changing sudo authorization methods incorrectly. I assume no responsibility and bear no culpability if sudo or anything else breaks as a result of anything you implement as a result of reading this post.
I've been using a Touch ID enabled MacBook Air and use sudo frequently. Administrative privileges last about 15 minutes on *nix systems (although you can modify this time limit) so that you don't have to type your password with every command.
Not that I have to key in the password for every command, I still thought using my fingerprint every time I have to use sudo with a command would be GREAT.
Add Touch ID to the list of sudo's accepted authorization methods:
On the terminal, run → sudo vim /etc/pam.d/sudo .
The file contents should look like such
# sudo: auth account password sessionauth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.soModify its contents to include the Touch ID.
# sudo: auth account password session→ auth sufficient pam_tid.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.soTo check if you're able to use Touch ID to sudo, run → sudo reboot now (or any command as far as it is prefixed with sudo ). You'll be prompted with a dialog box asking you to authenticate using Touch ID.
In the image above, I'm able to use my fingerprint to authenticate the sudo command. I later cancel it from the dialog box to see the normal shell prompt for password. Works for me!
There was no way for me to verify if I can SSH into my Macbook Air using another Touch ID enabled Macbook. I hope to see the default password prompt to show up and then enable me to authorize using my account's password.