Greetings! I recently did a presentation on cloud infrastructure and strong authentication. As part of that effort, we have released a plugin for Cloudstack that requires users to use WiKID two-factor authentication when logging into the Cloudstack admin. The source and a jar file can be found on our sourceforge site here https://sourceforge.net/projects/wikid-twofactor/files/Cloudstack%20WiKID%20Integration/ and is licensed under the ASL v2. An installation doc is here: http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-wikid-two-factor-authentication-to-cloudstack-manager.
Some background: WiKID use asymmetric encryption embedded in software tokens to securely transmit PINs one way and OTPs the other to authenticate users. We have a dual source model. This code is fully compatible with the open-source Community version. Why did we do this? Because static passwords suck. Why should you be interested in this? Because almost all attacks involve some escalation of privilege from weak, guessable, stolen or default credentials. "Cloud" brings tremendous benefits but puts a great deal of strain on authentication at all levels. We would love to have this code included in the cloudstack build, if there is interest. Thanks, Nick -- Nick Owen WiKID Systems, Inc. http://www.wikidsystems.com #wikid on freenode @wikidsystems