macOS Sonoma is here, and brings lots of new features with it! One small improvement is that any changes to enable Touch ID for sudo authentication now persist between upgrades, thanks to a new file: /etc/pam.d/sudo_local. In Ventura and prior, using Touch ID for sudo required modifying /etc/pam.d/sudo directly. macOS upgrades would restore this file, meaning you had to redo your changes after each update. From Sonoma onwards, sudo_local is also respected, and is never modified by future macOS upgrades.

Enabling Touch ID for sudo in Sonoma

Apple provides a new template file for sudo_local, so enabling Touch ID is as straightforward as doing the following:

sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local

The contents of sudo_local.template are as follows:

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
#auth       sufficient     pam_tid.so

Apple even includes all the information you need to use Touch ID for sudo! You then just need to open /etc/pam.d/sudo_local with your favourite text editor, and uncomment the 3rd line by removing the # at the beginning of the line.
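
The two manual steps above can also be done as one idempotent shell function. This is an added example, not code from Apple or from the original post: the function names and the optional directory argument (so it can be tried on a copy of the files first) are assumptions made here.

```shell
#!/bin/sh
# Added example: copy the template if needed, uncomment the pam_tid.so
# line, then verify. The directory argument is hypothetical and defaults
# to /etc/pam.d.

# Returns 0 when sudo_local contains an uncommented pam_tid.so auth line.
tid_enabled() {
    grep -Eq '^auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' \
        "${1:-/etc/pam.d}/sudo_local" 2>/dev/null
}

enable_tid_sudo() {
    pam_dir="${1:-/etc/pam.d}"
    template="$pam_dir/sudo_local.template"
    target="$pam_dir/sudo_local"

    # Step 1: create sudo_local from the template, never overwriting an
    # existing file that may already hold local changes.
    if [ ! -f "$target" ]; then
        [ -f "$template" ] || { echo "missing $template" >&2; return 1; }
        cp "$template" "$target" || return 1
    fi

    # Step 2: uncomment the pam_tid.so line if it is still commented out.
    if ! tid_enabled "$pam_dir"; then
        tmp=$(mktemp) || return 1
        sed 's/^#[[:space:]]*\(auth[[:space:]]\{1,\}sufficient[[:space:]]\{1,\}pam_tid\.so\)/\1/' \
            "$target" > "$tmp" || { rm -f "$tmp"; return 1; }
        # Write back with cat (not mv) so the file keeps its owner and mode.
        cat "$tmp" > "$target" || { rm -f "$tmp"; return 1; }
        rm -f "$tmp"
    fi

    # Verify: fail if no active pam_tid.so line exists after the edit.
    tid_enabled "$pam_dir"
}
```

Writing to /etc/pam.d needs root, so source the file in a root shell and call enable_tid_sudo with no argument; running it a second time leaves sudo_local unchanged.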