INTERNAL AUTHENTICATE

2010-10-21

Gnuk implements the "INTERNAL AUTHENTICATE" command of the OpenPGP card protocol 2.0.

You can now import your authentication subkey into the Gnuk USB Token.

If you have an authentication subkey, do the following:

$ gpg --edit-key <YOUR-KEY-ID>
[...]
Command> toggle
[...]
Command> key 2
[...]
Command> keytocard

The problem is how to add an authentication subkey to your key.

To generate and add an authentication subkey with GnuPG, we need to supply the --expert option, as follows:

$ gpg --expert --edit-key <YOUR-KEY-ID>
[...]
Command> addkey
[...]
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? A
[...]
Your selection? S
[...]
Your selection? E
[...]
Your selection? Q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
[...]

Alternatively, you can use Monkeysphere to generate an authentication subkey:

$ monkeysphere g <YOUR-KEY-ID>
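
Before running keytocard it helps to confirm which subkey carries the authenticate capability and that it carries nothing else, as the addkey session above leaves it. The following is an added example, not part of Gnuk or of the original page: it reads gpg's --with-colons listing, where field 12 holds the capability letters. The function names and the sample listing are constructed for illustration, and the printed position is assumed to match the N of "key N" in --edit-key.

```sh
#!/bin/sh
# Added example: list authentication-capable subkeys from gpg's colon output.
# Real use: gpg --with-colons --list-keys <YOUR-KEY-ID> | auth_subkeys

# Constructed sample listing (key IDs and dates are made up).
sample_listing() {
cat <<'EOF'
tru::1:1287619200:0:3:1:5
pub:u:2048:1:1111111111111111:1287619200:::u:::scESCA:
uid:u::::1287619200::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:1:2222222222222222:1287619200::::::e:
sub:u:2048:1:3333333333333333:1287619200::::::a:
sub:r:2048:1:4444444444444444:1287619200::::::a:
sub:u:2048:1:5555555555555555:1287619200::::::sa:
EOF
}

# Reads a colon listing on stdin. For each subkey whose capability field
# (field 12) contains the letter a, prints: <subkey position> <key ID> <status>
#   auth-only  capability is exactly "a", as produced by the session above
#   mixed:XY   authenticate is combined with other capabilities
#   unusable   validity field (field 2) says invalid, revoked, expired or disabled
auth_subkeys() {
  awk -F: '
    $1 == "sub" || $1 == "ssb" { n++ }
    ($1 == "sub" || $1 == "ssb") && $12 ~ /a/ {
      if ($2 ~ /^[ired]$/)  status = "unusable"
      else if ($12 == "a")  status = "auth-only"
      else                  status = "mixed:" $12
      print n, $5, status
    }'
}

sample_listing | auth_subkeys
```
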