How to add two-factor authentication to Google Apps for your Domain using open source software

Everybody loves GMail. With Google Apps for you Domain, you can use GMail with your own domain, allowing organizations to outsource their email - and the requisite anti-spam filtering to Google. Webmail is very convenient, but for frequent travellers and those who use public wifi, it can be quite dangerous. Logging in from a kiosk or shared computer is a sure way to get your username and password stolen by a keystroke logger. Using a public WiFi system can lead to a man-in-the-middle attack. In this document we will take advantage of two open source projects to add two-factor authentication to Google Apps. The first is Gheimdall, a a TurboGears project for Google Apps SSO service. Gheimdall supports PAM and LDAP authentication natively. It also includes sample code to add new authentication methods, which made it very easy to add two-factor authentication from WiKID. WiKID is a dual-source two-factor authentication solution that uses public key cryptography to strongly authenticate users.