DenWav
commented
6 years ago Wow, thanks for the tip! Been using this since I got my MacBook, cool to see a native solution exists.
Open breun opened 6 years ago
DenWav
commented
6 years ago Wow, thanks for the tip! Been using this since I got my MacBook, cool to see a native solution exists.
lucasjohnston
commented
6 years ago You're right to point out that macOS already supports TouchID with sudo, but to do so requires a system config change (editing your /etc/pam.d/sudo file).
This means that you will not be able to use sudo when SSHing in, because you can't send your fingerprint through the internet
Also, I'd generally lean towards avoiding editing core system config files if possible, but that's just my personal opinon! The way I use this project is by building the binary with a different name (I personally use lucasudo :wink:) and sticking it in /usr/local/bin. Doing this means I'm not overriding my system's sudo, which imo is a safer option - and allows me to continue using sudo over SSH.
This is down to personal preference really, but I completley agree that pointing out both options in the readme would be a good idea.
rkujawa
commented
5 years ago @lucasjohnston You can still use sudo over ssh even if you enable this, since pam_tid.so in the example above is marked as "sufficient". I.e. it is allowed to fail and the authentication mechanism will happily fall through to the next module.
Although this is a cool project, if you add the following line to the top of
/etc/pam.d/sudothere is no need to replacesudo:It might be nice to point this out in the README.