Due to some reason I have not figured out yet, after having changed my MBP password (via the boot screen password expiration overlay triggered by Jamf) I can't seem to authenticate with either the old or the new password, yet I can still use my TouchID to log in.
How can I reset my password given that I am still able to authenticate with TouchID?
I assumed that getting a root shell would allow me to reset the password with `passwd` but can't get past `sudo -i` without a valid password.
Since I can authorise with TouchID I tried opening the root terminal with AppleScript:
do shell script "/usr/bin/open -a iTerm . & > /dev/null 2>&1 & " with administrator privileges
The script triggers the ootb GUI authentication dialog, which I can approve with TouchID, and it shows the iTerm2 terminal window in root mode, but the window is not interactive, i.e. it does not accept any keystrokes.
Is there any possible solution out of this other than backing up everything while I still have access to files, and then reinstalling the OS from scratch? (FileVault is enabled.)
Best Answer
Proceed at your own risk
You can try to add TouchID as a method to authenticate `sudo`.

In Finder go to `/etc/pam.d/`, copy `sudo` to your desktop. Edit this file in a text editor and add `auth sufficient pam_tid.so` as top line. It should look like:

Now copy this `sudo` file to `/etc/pam.d/`. Finder will ask you if you want to replace the existing file. If you select `replace`, Finder will ask you to authorise the action via TouchID.

From that point on you can invoke `sudo` with TouchID.
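
An added example, not part of the original answer: a shell check that builds the edited copy and confirms `pam_tid.so` is the first rule before the file is copied back, since a malformed `/etc/pam.d/sudo` can leave `sudo` unusable. The function names and the sample file are constructed for illustration, and the line is inserted ahead of the first rule so that a leading comment stays at the top.

```shell
# Added example: build and validate an edited copy of a PAM sudo file.
# Function names and the sample file are constructed, not taken from the page.

make_sample() {   # constructed sample modelled on a macOS sudo PAM file
    cat > "$1" <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
EOF
}

# Print the first rule (first non-blank, non-comment line), whitespace collapsed.
first_rule() {
    awk '!/^[ \t]*(#|$)/ { $1 = $1; print; exit }' "$1"
}

# Succeed only if pam_tid.so is the first rule, as the answer describes.
tid_is_first() {
    [ "$(first_rule "$1")" = "auth sufficient pam_tid.so" ]
}

# Write an edited copy of $1 to $2 with the pam_tid.so line ahead of the
# first rule; the file is copied unchanged if the line is already first.
add_tid_line() {
    if tid_is_first "$1"; then cp "$1" "$2"; return 0; fi
    awk '
        !ins && !/^[ \t]*(#|$)/ {
            print "auth       sufficient     pam_tid.so"
            ins = 1
        }
        { print }
        END { if (!ins) print "auth       sufficient     pam_tid.so" }
    ' "$1" > "$2"
}

# Demo on the constructed sample. On a Mac the source would be /etc/pam.d/sudo
# and the output the desktop copy that Finder then moves into /etc/pam.d/.
tmp=$(mktemp -d)
make_sample "$tmp/sudo.orig"
add_tid_line "$tmp/sudo.orig" "$tmp/sudo"
tid_is_first "$tmp/sudo" && echo "ok: pam_tid.so is the first rule"
cat "$tmp/sudo"
rm -rf "$tmp"
```

Keep the untouched original copy next to the edited one so the same Finder replace step can restore it.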