sudo and touchID

Could have sworn I posted this before... This is easy, just modify /etc/pam.d/sudo like

root@sleipnir /opt/ats # cat /etc/pam.d/sudo
# sudo: auth account password session
auth       sufficient     pam_tid.so
.
.

 

Obviously make sure you leave all the other lines in there, or you are in trouble. In iTerm2, you also have to turn off the Advanced setting named

Prefs > Advanced > Allow sessions to survive logging out and back in