pam_touchid.m<\/code> requires a small modification. In particular the following if statement has to be added at the top of the method pam_sm_authenticate.<\/p>\n\r\nif (getenv("SSH_TTY"))\r\nreturn PAM_IGNORE;\r\n<\/pre>\nIn case of a sudo authentication request over SSH the module will do nothing. Sudo will fall back to the regular PAM modules. So lets start Xcode to adjust pam_touchid.m<\/code> and build pam_touchid.so.2<\/code>.
\n![\"Build](\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Screen-Shot-2017-01-10-at-20.46.31.png?resize=300%2C202&ssl=1\")
\nCreate a custom directory for the PAM module, copy pam_touchid.so.2<\/code> and adjust the owner and privileges.<\/p>\n\r\nsudo mkdir -p \/usr\/local\/lib\/pam\/\r\nsudo cp pam_touchid.so.2 \/usr\/local\/lib\/pam\/\r\nsudo chown root:wheel \/usr\/local\/lib\/pam\/pam_touchid.so.2\r\nsudo chmod 444 \/usr\/local\/lib\/pam\/pam_touchid.so.2\r\n<\/pre>\nUpdate the sudo configuration and add auth sufficient pam_touchid.so reason="execute a command as another user"<\/code> to the top of the file.<\/p>\n\r\nsudo vi \/etc\/pam.d\/sudo\r\n\r\ncat \/etc\/pam.d\/sudo\r\n# sudo: auth account password session\r\nauth sufficient pam_touchid.so reason="execute a command as another user"\r\nauth required pam_opendirectory.so\r\naccount required pam_permit.so\r\npassword required pam_deny.so\r\nsession required pam_permit.so\r\n<\/pre>\nAs soon as you start a new terminal session, you can use your Touch ID to authenticate sudo. Below you see an example of sudo hostname<\/code> to get the current hostname.
\n![\"TouchID\"](\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Screen-Shot-2017-01-10-at-20.57.04.png?resize=625%2C297&ssl=1\")
\nAs mentioned in the realm of the PAM Touch ID project, you have to be sure what your doing. If it is the first time you use Xcode and Terminal, it is probably better to not change your sudo authentication.<\/p>\nThanks to Hamza Sood for this PAM module.<\/p>\n","protected":false},"excerpt":{"rendered":"
A couple of days ago, I’ve received my new 15″ Mac Book Pro. So far I’m quite happy. Ok the the circumstance, that I have to carry around a bunch of adapters. I’m waiting for the first projector at customers with USB-C connection. But thats an other story. Initially I thought, that I will not […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Using #TouchID for sudo on #macOSSierra","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[30,11],"tags":[18],"class_list":["post-2232","post","type-post","status-publish","format-standard","hentry","category-mac-os-x","category-security","tag-trivadiscontent"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-A0","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1620,"url":"https:\/\/www.oradba.ch\/wordpress\/2014\/01\/get-rid-of-adobe-pdf-viewer-plugin-in-safari\/","url_meta":{"origin":2232,"position":0},"title":"Get rid of Adobe PDF Viewer plugin in Safari","author":"Stefan","date":"15. January 2014","format":false,"excerpt":"Recently I've had to install the Adobe Acrobat Reader on my MacBook Pro. As usual, I was in a hurry and had no time to complete the installation. Since then Safari will always use Acrobat PDF Viewer plugin to display PDF. Because I prefer using Mac OS Preview to view\u2026","rel":"","context":"In "Mac OS X"","block_context":{"text":"Mac OS X","link":"https:\/\/www.oradba.ch\/wordpress\/category\/mac-os-x\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1580,"url":"https:\/\/www.oradba.ch\/wordpress\/2013\/11\/eclipse-jira-integration-and-sslhandshakeexception\/","url_meta":{"origin":2232,"position":1},"title":"Eclipse Jira integration and SSLHandshakeException","author":"Stefan","date":"15. November 2013","format":false,"excerpt":"Basically I've solved this issue quite a while ago. Unfortunately I did not wrote any kind of documentation. That's why I run again into SSLHandshakeException with my Eclipse installation on my new MacBook Pro, when trying to access our JIRA environment. As it now hopefully take a while until I\u2026","rel":"","context":"In \"Eclipse\"","block_context":{"text":"Eclipse","link":"https:\/\/www.oradba.ch\/wordpress\/tag\/eclipse\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":13340,"url":"https:\/\/www.oradba.ch\/wordpress\/2023\/05\/how-to-safely-resize-an-lvm-volume-on-linux\/","url_meta":{"origin":2232,"position":2},"title":"How to safely resize an LVM volume on Linux","author":"Stefan","date":"21. May 2023","format":false,"excerpt":"I have several Oracle Cloud Infrastructure (OCI) based Lab environments, which I build with Terraform and corresponding shell scripts. Unfortunately the labs are not one size fits all. Depending on what I'm testing, I have different requirements for the available filesystems. So every now and then I face the problem\u2026","rel":"","context":"In "Howto"","block_context":{"text":"Howto","link":"https:\/\/www.oradba.ch\/wordpress\/category\/howto\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2353,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/09\/start-odsm-on-boot-using-systemd\/","url_meta":{"origin":2232,"position":3},"title":"Start ODSM on boot using systemd","author":"Stefan","date":"7. September 2017","format":false,"excerpt":"A couple of month ago I wrote blog on how to start Oracle Unified Directory (OUD) on system boot (see Start OUD Servers on Boot using systemd) using a unit file and systemd. Quite a simple and straightforward way to start OUD. Why not using the same approach for ODSM?\u2026","rel":"","context":"In "Oracle Unified Directory"","block_context":{"text":"Oracle Unified Directory","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oud\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9217,"url":"https:\/\/www.oradba.ch\/wordpress\/2022\/03\/easy-replacement-of-tnsnames-ora-with-ldap-directory-server\/","url_meta":{"origin":2232,"position":4},"title":"Easy replacement of tnsnames.ora with LDAP Directory Server","author":"Stefan","date":"1. March 2022","format":false,"excerpt":"The tnsnames.ora is a configuration file for Oracle database respectively Oracle Net Service Names resolution. It contains network service names that are mapped to connection descriptors for the local naming method. With the help of tnsnames.ora Oracle clients respectively the users can easily access Oracle databases. The connection descriptors provides\u2026","rel":"","context":"In "19c"","block_context":{"text":"19c","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/19c\/"},"img":{"alt_text":"Oracle Net Service Names","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/OracleNamesLDAP_basic.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/OracleNamesLDAP_basic.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/OracleNamesLDAP_basic.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/OracleNamesLDAP_basic.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/OracleNamesLDAP_basic.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/OracleNamesLDAP_basic.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":2280,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/05\/start-oud-servers-on-boot-using-systemd\/","url_meta":{"origin":2232,"position":5},"title":"Start OUD Servers on Boot using systemd","author":"Stefan","date":"16. May 2017","format":false,"excerpt":"Starting Oracle Unified Directory on system boot is essential for production environment. Unfortunately OUD just provides a script to create the init.d script. But newer system in general use systemd initialise and startup. Nevertheless, creating a custom unit file for OUD is simple and straightforward. First, let's create a regular\u2026","rel":"","context":"In "Linux"","block_context":{"text":"Linux","link":"https:\/\/www.oradba.ch\/wordpress\/category\/linux-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=2232"}],"version-history":[{"count":5,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2232\/revisions"}],"predecessor-version":[{"id":2239,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2232\/revisions\/2239"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=2232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=2232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=2232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}