diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in
index 17148c109..a92b2d519 100644
--- a/docs/sudoers.man.in
+++ b/docs/sudoers.man.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "January 27, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "February 1, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -3251,6 +3251,23 @@ This flag is
 \fIoff\fR
 by default.
 .TP 18n
+noninteractive_auth
+If set, authentication will be attempted even in non-interactive mode
+(when
+\fBsudo\fR's
+\fB\-n\fR
+option is specified).
+This allows authentication methods that don't require user interaction
+to succeed.
+Authentication methods that require input from the user's terminal
+will still fail.
+If disabled, authentication will not be attempted in non-interactive mode.
+This flag is
+\fIoff\fR
+by default.
+.sp
+This setting is only supported by version 1.9.10 or higher.
+.TP 18n
 pam_acct_mgmt
 On systems that use PAM for authentication,
 \fBsudo\fR
diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in
index 6e9390177..88200dccd 100644
--- a/docs/sudoers.mdoc.in
+++ b/docs/sudoers.mdoc.in
@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd January 27, 2022
+.Dd February 1, 2022
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -3063,6 +3063,22 @@ section at the end of this manual.
 This flag is
 .Em off
 by default.
+.It noninteractive_auth
+If set, authentication will be attempted even in non-interactive mode
+(when
+.Nm sudo Ns 's
+.Fl n
+option is specified).
+This allows authentication methods that don't require user interaction
+to succeed.
+Authentication methods that require input from the user's terminal
+will still fail.
+If disabled, authentication will not be attempted in non-interactive mode.
+This flag is
+.Em off
+by default.
+.Pp
+This setting is only supported by version 1.9.10 or higher.
 .It pam_acct_mgmt
 On systems that use PAM for authentication,
 .Nm sudo
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index 2ba18d27e..25a2087b0 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -125,6 +125,12 @@ check_user_interactive(int validated, int mode, struct getpass_closure *closure)
 FALLTHROUGH;
 default:
+ if (ISSET(mode, MODE_NONINTERACTIVE) && !def_noninteractive_auth) {
+ validated |= FLAG_NO_USER_INPUT;
+ log_auth_failure(validated, 0);
+ goto done;
+ }
+
 /* XXX - should not lecture if askpass helper is being used. */
 lectured = display_lecture(closure->tstat);
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index 458035221..e5a80e2b8 100644
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -645,6 +645,10 @@ struct sudo_defs_types sudo_defs_table[] = {
 "rlimit_stack", T_RLIMIT|T_BOOL,
 N_("The maximum size to which the process's stack may grow (in bytes): %s"),
 NULL,
+ }, {
+ "noninteractive_auth", T_FLAG,
+ N_("Attempt authentication even when in non-interactive mode"),
+ NULL,
 }, {
 "log_passwords", T_FLAG,
 N_("Store plaintext passwords in I/O log input"),
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index 850f71cf1..4795177bb 100644
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
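Review bot: The new guard under `default:` carries no comment recording why it sits after the switch's earlier cases (whatever `FALLTHROUGH;` arrives from is outside this hunk) and before `display_lecture()`, nor why the refusal is reported through `log_auth_failure()` instead of being returned silently; suggested comment above the `if`: `/* Non-interactive mode (-n): do not attempt authentication unless the admin opted in via noninteractive_auth; log the refusal so the denied attempt is auditable. */`. If the earlier cases are the cached-credential paths, as falling through into `default:` suggests, a later move of this guard above the switch would silently change `-n` semantics for users holding a valid timestamp, which is worth stating in that comment. `validated` is a by-value parameter here, so `FLAG_NO_USER_INPUT` reaches `log_auth_failure()` but presumably not the caller; confirm that is intended. When `noninteractive_auth` is enabled this hunk does nothing to keep authentication methods off the terminal, so that presumably rests on the prompt/conversation code honoring `MODE_NONINTERACTIVE`, which is outside this hunk. `check_user_interactive()`'s switch head and `done:` label are outside the hunk.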
@@ -300,9 +300,11 @@
 #define def_rlimit_rss (sudo_defs_table[I_RLIMIT_RSS].sd_un.str)
 #define I_RLIMIT_STACK 149
 #define def_rlimit_stack (sudo_defs_table[I_RLIMIT_STACK].sd_un.str)
-#define I_LOG_PASSWORDS 150
+#define I_NONINTERACTIVE_AUTH 150
+#define def_noninteractive_auth (sudo_defs_table[I_NONINTERACTIVE_AUTH].sd_un.flag)
+#define I_LOG_PASSWORDS 151
 #define def_log_passwords (sudo_defs_table[I_LOG_PASSWORDS].sd_un.flag)
-#define I_PASSPROMPT_REGEX 151
+#define I_PASSPROMPT_REGEX 152
 #define def_passprompt_regex (sudo_defs_table[I_PASSPROMPT_REGEX].sd_un.list)
 enum def_tuple {
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 10637df95..d0cc1780d 100644
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -466,6 +466,9 @@ rlimit_rss
 rlimit_stack
 T_RLIMIT|T_BOOL
 "The maximum size to which the process's stack may grow (in bytes): %s"
+noninteractive_auth
+ T_FLAG
+ "Attempt authentication even when in non-interactive mode"
 log_passwords
 T_FLAG
 "Store plaintext passwords in I/O log input"
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index a2ddcff8d..ca4bdc2f9 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -591,6 +591,7 @@ init_defaults(void)
 def_log_denied = true;
 def_log_format = sudo;
 def_runas_allow_unknown_id = false;
+ def_noninteractive_auth = false;
 /* Syslog options need special care since they both strings and ints */
 #if (LOGGING & SLOG_SYSLOG)