From cb6d55f4bb428a761fd63f8fec9b30e97724142e Mon Sep 17 00:00:00 2001
From: Sami Samhuri <sami@1se.co>
Date: Fri, 19 Nov 2021 11:13:27 -0800
Subject: [PATCH] Add script to enable Touch ID for sudo

---
 enable-sudo-touch-id | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100755 enable-sudo-touch-id

diff --git a/enable-sudo-touch-id b/enable-sudo-touch-id
new file mode 100755
index 0000000..777c5e0
--- /dev/null
+++ b/enable-sudo-touch-id
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+grep -F "pam_tid" /etc/pam.d/sudo >/dev/null
+case $? in
+  0)
+    echo "TouchID unlock already in place"
+    ;;
+
+  1)
+    sudo sed -i '' '1a\
+auth       sufficient     pam_tid.so
+    ' /etc/pam.d/sudo
+
+    echo "TouchID unlock enabled"
+    ;;
+
+  *)
+    echo "Error trying to read /etc/pam.d/sudo"
+    ;;
+esac