Open breun opened 6 years ago
Wow, thanks for the tip! Been using this since I got my MacBook, cool to see a native solution exists.
You're right to point out that macOS already supports TouchID with sudo
, but to do so requires a system config change (editing your /etc/pam.d/sudo
file).
This means that you will not be able to use sudo
when SSHing in, because you can't send your fingerprint through the internet
Also, I'd generally lean towards avoiding editing core system config files if possible, but that's just my personal opinon! The way I use this project is by building the binary with a different name (I personally use lucasudo
:wink:) and sticking it in /usr/local/bin
. Doing this means I'm not overriding my system's sudo, which imo is a safer option - and allows me to continue using sudo
over SSH.
This is down to personal preference really, but I completley agree that pointing out both options in the readme would be a good idea.
@lucasjohnston You can still use sudo over ssh even if you enable this, since pam_tid.so
in the example above is marked as "sufficient". I.e. it is allowed to fail and the authentication mechanism will happily fall through to the next module.
Although this is a cool project, if you add the following line to the top of
/etc/pam.d/sudo
there is no need to replacesudo
:It might be nice to point this out in the README.