Catalina - Configure Sudoers to Authenticate Users on a Per -tty Basis
The file /etc/sudoers _MUST_ be configured to include tty_tickets. This rule ensures that the "sudo" command will prompt for the administrator's password at least once in each newly opened terminal window. This prevents a malicious user from taking advantage of an unlocked computer or an abandoned logon session by bypassing the normal password prompt requirement. Without the "tty_tickets" option, all open local and remote logon sessions would be authenticated to use sudo without a password for the duration of the configured password timeout window.