hey everybody,

I was looking for some help researching a new solution for my company. I was interested in implementing an LDAP solution for my company, and wanted to see if you guys know if two-factor authentication is possible. I wanted to outfit the employees with some cheap USB keys.

Here's my overall goal I guess. I'm going to be implementing a Samba PDC that authenticates to LDAP for all the windows clients. I wanted to see if it's possible to use a hardware token to add an extra layer of security. It's also a very VPN dependent shop, so I am going to try my hand at doing OpenVPN with authentication using the same USB key. That way for all the laptop users, they'd have to steal the laptop and the USB key. If they have to use it for both home and work, they'll be more likely to put it on their car keys instead of permanently stored in a laptop bag or leaving it plugged in the computer.

i'm open to ideas and suggestions as we're going to be switching out some old servers and putting together something brand new. I also have VMware server to test anything, so please any suggestions at all would be great. Oh, and I am the IT budget so I guess my total to spend on hardware or software would be about $1000.

Thanks for your help guys.