I was wondering if anyone knows anything about implementing a two-factor authentication scheme for logging into a physical machine. I've seen some tutorials elsewhere where pam_usb is used but I've also read more about the insecurity of storing encryption keys on a USB stick. I wonder if it would be possible to have some kind of LDAP or Kerberos login that uses a OTP (one time password) generated from either a hardware token or a software token on a cell phone. I've seen some really great tutorials here about the use of WiKID in this matter but not for a desktop login. Thanks