sudo and touchID

Could have sworn I posted this before... This is easy, just modify /etc/pam.d/sudo like

root@sleipnir /opt/ats # cat /etc/pam.d/sudo
# sudo: auth account password session
auth       sufficient


Obviously make sure you leave all the other lines in there, or you are in trouble. In iTerm2, you also have to turn off the Advanced setting named

Prefs > Advanced > Allow sessions to survive logging out and back in