Is it possible to set up the SA2000 for 2 factor authentication without using something like a token?
Can it be set up with local accounts on the SA2000, and then Active Directory authentication? If so, how?
Any other suggestions for 2 factor authentication without the use of a token?
Yes, you could do local authentication and directory authentication. You just set it up in the realm. Choose the 2 different authentication sources. Some would argue that this isn't 2 factor auth. You're missing the "something you have" piece of it.
Do you use Host Checker? What you could do is bury a unique registry key on all the machines you want to have access to your network. Then, during login, search for this value. If it doesn't exist, don't let them log in.
This way you have 2 factor auth. It's something you have (an approved PC) and something you know (your id/password).
You could also look into 'soft tokens'. I always thought "Bingo Cards" were cool for cheap 2-factor auth but I'm not sure if they ever caught on.
I would recommend taking a look at the non token based two factor authentication from Multifactor. Their web site is www.multifa.com and the product is called SecureAuth.
They are a Juniper partner and I think that their offering is very strong. Justin is right that if you were to do local and then AD it does not meet the classic criteria of two factor, but it will of course work. I use all sorts of crazy two factor setups in my demo lab - email & AD - RADIUS & LDAP - certs and AD......
2 factor or strong authentication def is "something you have" and "something you know". Something you know could be a password or a PIN, etc.; something you have could be a token with one-time passwords like SecurID or a certificate. Certificates are cheap or free and do fulfill the something you have part of the 2 factor.