So, you have a Mac with Touch ID and you would like to use it when you run "sudo su -" in Terminal, but there is no menu that lets you set this up.
You actually can, via Terminal :)
PS: there is one small downside. You need to do this after each OS upgrade. But since that doesn't happen very often and the procedure is very simple, I am OK with it.
1. Become root with sudo command (you will have to type the password this time):
    fmbpro:~ florian$ sudo su -
    Password:
    fmbpro:~ root#
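2. Go to /private/etc/pam.d/ and you will find a file there named sudo. Change its permissions so that it is writable. Only root needs write access here; the command below also grants it to group and others, which leaves the file world-writable until step 4 restores the permissions:
    fmbpro:pam.d root# ls -la sudo
    -r--r--r-- 1 root wheel 246 Jun 8 03:23 sudo
    fmbpro:pam.d root# chmod gou+w sudo
    fmbpro:pam.d root# ls -la sudo
    -rw-rw-rw- 1 root wheel 246 Jun 8 03:23 sudo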
3. Add "auth sufficient pam_tid.so" right after the first line (the commented one). The file should look like this afterwards:
    fmbpro:pam.d root# cat sudo
    # sudo: auth account password session
    auth sufficient pam_tid.so
    auth sufficient pam_smartcard.so
    auth required pam_opendirectory.so
    account required pam_permit.so
    password required pam_deny.so
    session required pam_permit.so
4. Restore the original permissions:
    fmbpro:pam.d root# chmod gou-w sudo
    fmbpro:pam.d root# ls -la sudo
    -r--r--r--@ 1 root wheel 283 Sep 3 01:05 sudo
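
The four steps above as one idempotent script, which suits re-running after each OS upgrade. This is an added example, not part of the original post: enable_tid_line and has_tid_line are hypothetical helper names, and instead of making the file writable the script builds a temporary copy and renames it into place.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage, as root:  enable_tid_line      (defaults to /private/etc/pam.d/sudo)

TID_LINE='auth       sufficient     pam_tid.so'

# True if the file already contains an active (uncommented) pam_tid.so auth line.
has_tid_line() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# Insert TID_LINE after the first line of the PAM file, once, leaving it read-only.
enable_tid_line() {
    target=${1:-/private/etc/pam.d/sudo}
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 1; }

    if has_tid_line "$target"; then
        echo "pam_tid.so already enabled in $target"
        return 0
    fi

    # Work on a private temp copy in the same directory so the final mv is an
    # atomic rename and the live file is never writable by group or others.
    tmp=$(mktemp "$target.XXXXXX") || return 1
    awk -v line="$TID_LINE" '{ print } NR == 1 { print line }' "$target" > "$tmp"

    # An empty source file yields no insertion: refuse rather than install it.
    if ! has_tid_line "$tmp"; then
        rm -f "$tmp"
        echo "insertion failed, $target left unchanged" >&2
        return 1
    fi

    cp -p "$target" "$target.bak"      # keep the previous version for rollback
    chmod 444 "$tmp"                   # same mode as the original: -r--r--r--
    mv -f "$tmp" "$target"
    echo "pam_tid.so enabled in $target"
}
```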