What would you think of this:
I see the following benefits:
- Self hosted (and self controlled) 2nd auth step
- uses standards to support different hardware- and soft-tokens
- comes with an android soft-token with sourcecode -> so you can brand it with your own logo
- can act as OpenID provider
-> Next Idea for ISPConfig: New Flag "Disable OpenID" to Mail Users and pass not-activated mail users to Dynalogin for authentication via OpenID.
Could be done by including a subdomain 'id' to each zone which points to the DynaLogin-Server.
So my OpenID URL would be http://id.customerdom.ain/theWeird