Path: csiph.com!eternal-september.org!feeder.eternal-september.org!reader02.eternal-september.org!kreme.dont-email.me!.POSTED!not-for-mail
From: Lewis <g.kreme@kreme.dont-email.me>
Newsgroups: comp.sys.mac.system
Subject: Re: Got an Apple Watch? Got a Mac? Got Sudo?
Date: Fri, 20 Nov 2020 21:35:17 -0000 (UTC)
Organization: Miskatonic U
Lines: 42
Message-ID: <slrnrrgdkl.14g6.g.kreme@ProMini.lan>
References: <slrnrrfrpa.dag.g.kreme@ProMini.lan> <FUStH.4406$5J3.1824@fx09.iad> <slrnrrfvlt.dag.g.kreme@ProMini.lan> <i1qfasFoiokU1@mid.individual.net>
Reply-To: g.kreme@gmail.don-t-email-me.com
Injection-Date: Fri, 20 Nov 2020 21:35:17 -0000 (UTC)
Injection-Info: kreme.dont-email.me; posting-host="95dd4d2ab06379bceb2866dd54cece70"; logging-data="4121"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19P+XpfZH3jqagG1A8Kly/9"
User-Agent: slrn/1.0.3 (Darwin)
Cancel-Lock: sha1:gBWMq9Hr0NXslPS/l3w95vFLowc=
X-Face: )^b5"R:T7U>9~:PEn3YkzMfW*[b1qKeU.fP9C8~8HpU9}lA&6`bH1z
X-Clacks-Overhead: GNU Terry Pratchett
Mail-Copies-To: nobody
Xref: csiph.com comp.sys.mac.system:135096

In message <i1qfasFoiokU1@mid.individual.net> Jolly Roger <jollyroger@pobox.com> wrote:
> On 2020-11-20, Lewis <g.kreme@kreme.dont-email.me> wrote:
>>
>> If you have an Apple Watch many authorizations from you mac can be
>> confirmed by tapping oyur watch's side button instead of typing in
>> your password. Things like unlocking System preferences, deleting apps
>> from the Application folder, etc.
>>
>> This adds invoking sudo from the command line to that list.

> I just installed it and added this line to /etc/pam.d/sudo:

>   auth sufficient pam_watchid.so "reason=execute a command as root"

The quoted part is just for the logs, I don't think it's required.

> I'm still seeing the password prompt, even in new shells. 

> Hmmm... Is a service/computer restart required?

I don't think so, but I did reboot after that because I installed some
Rogue Amoeba app and that required a restart, so maybe?

>> (If you have a touchID Mac, there is a similar process to enable sudo on
>> those, but it does not require downloading anything, simply editing the
>> /etc/pam/sudo file, IIRC. I don't have a touchID mac, so I've not looked
>> into it.)

> From what I've read, adding this line enables Touch ID for sudo
> operations:

>   auth sufficient pam_tid.so

> I haven't tried this yet on my MacBook Pro.

Yes, that looks right. I am unlikely to have a new MBP with touchID
anytime soon, however.


-- 
Windle shook his head sadly. Five exclamation marks, the sure sign of
	an insane mind. --Reaper Man