1  #!/bin/zsh
 2  #
 3  # enable-sudo-touch-id - Enable Touch ID authentication for sudo commands
 4  #
 5  # Configures PAM to allow Touch ID for sudo authentication on macOS.
 6  # Creates /etc/pam.d/sudo_local from template and enables the auth module.
 7  #
 8  # Usage: enable-sudo-touch-id
 9  
10  if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
11    echo "Usage: $(basename "$0")"
12    echo "Enable Touch ID authentication for sudo commands"
13    echo "Requires macOS with Touch ID support"
14    exit 0
15  fi
16  
17  if [[ -e /etc/pam.d/sudo_local ]]; then
18      echo "TouchID unlock already in place"
19  else
20      sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
21      sudo sed -i '' 's/#auth/auth/' /etc/pam.d/sudo_local
22      echo "TouchID unlock enabled"
23  fi