macOS automatically resets /etc/pam.d/sudo to its default state after each system upgrade. This launchd configuration adds pam_tid.so to /etc/pam.d/sudo at startup if not present.

Blog post: Persistent sudo Touch ID Authentication on macOS

Only works for macOS Big Sur and below (not from Monterey; see issue #1)

git clone https://github.com/BirkhoffLee/persistent-pam-tid.git
sudo cp persistent-pam-tid/pam-tid-installer /usr/local/bin/
sudo cp persistent-pam-tid/me.birkhoff.persistent_pam_tid.plist /Library/LaunchDaemons/
sudo chown root:wheel /Library/LaunchDaemons/me.birkhoff.persistent_pam_tid.plist
sudo launchctl load -w /Library/LaunchDaemons/me.birkhoff.persistent_pam_tid.plist

sudo rm /usr/local/bin/pam-tid-installer
sudo rm /Library/LaunchDaemons/me.birkhoff.persistent_pam_tid.plist

Only use codes in this repository if you absolutely understand what it means and what it does. Everything in this project has been tested on my machine and clean macOS virtual machines. I take no responsibility and bear no culpability if anything breaks on your machine after using any piece of code in this repo.

This project is released under UNLICENSE.