Add Apple Watch authentication to sudo

Since 1Password added Apple Watch unlock I’ve wondered if there are other situations when I need to enter my password where it instead require a click of my Watch instead. I recently came across an article about how to make sudo work with Touch ID, which is nice, but my iMac Pro doesn’t have Touch ID. I went searching though and found pam-watchid!

This is a PAM module for using the Watch – exactly what I want.

It’s Open Source, so you compile it yourself as per the README, so make sure you have Xcode or the Xcode Command Line Tools installed:

  • Download the latest ZIP file
  • Unzip, which by default creates a folder called pam-watchid-main
  • Open Terminal and install it:
    • $ cd ~/Downloads/pam-watchid-main
    • $ sudo make install

  • Regsiter the new PAM module for sudo:
    • Edit /etc/pam.d/sudo
    • Add a new line under line 1 (which is a comment) containing:
      auth sufficient pam_watchid.so
      

      (Leave all other lines in this file.)

That’s it. Now, whenever you use sudo, you have the option of using your Watch to authenticate.


from Rob Allen’s DevNotes https://ift.tt/2JORV1Z
via IFTTT

Leave a Reply

Back to Top