Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/spaghetti-/pam-touchid
Pluggable Authentication Module for TouchID enabled MacBooks
https://github.com/spaghetti-/pam-touchid
macos pam-module touchbar touchid
Last synced: about 2 months ago
JSON representation
Pluggable Authentication Module for TouchID enabled MacBooks
- Host: GitHub
- URL: https://github.com/spaghetti-/pam-touchid
- Owner: spaghetti-
- Created: 2017-06-04T11:40:41.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2021-03-07T20:28:52.000Z (over 3 years ago)
- Last Synced: 2024-06-12T06:37:43.190Z (3 months ago)
- Topics: macos, pam-module, touchbar, touchid
- Language: Objective-C
- Size: 13.7 KB
- Stars: 32
- Watchers: 8
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
Pluggable Authentication Module using Touch-ID
----------------------------------------------This module allows us to authenticate services via touch-id using Apple's
`LocalAuthentication` API. I am using the module to authenticate `sudo` as it's
something we run frequently. The module can be dropped in to authenticate any
other PAM enabled service as well.NOTE: Apple has added its own pam touch-id module to the OS and you should
use that. Please see: https://news.ycombinator.com/item?id=26302139Compilation
-----------Compile this module as the user who has touchid active. Otherwise manually edit
the user id's inside the .m file.`make all`
Caveats
-------The compiled module must be installed to `/usr/lib/pam` which is a system
directory protected by System Integrity Protection (SIP). To install the module
you have to disable this (no worries, it can be enabled later).Reboot while holding Command-R, go into the recovery mode and spawn a new shell.
In the shell run```
csrutil disable
```Reboot, copy the module over by doing `sudo cp pam_touchid.so /usr/lib/pam/`
Next, add this line to the top of `/etc/pam.d/sudo`
```
auth sufficient pam_touchid.so
```This also allows fallback to standard password authentication if your finger
fails.Reboot back into recovery to enable SIP again
```
csrutil enable
```Screenshot
----------Here's what shows on the touchbar when you try to `sudo` with the module
installed![Touchbar screenshot](tscrot.png)