The Synology series of NAS boxes, or more specifically their operating system "DSM" supports the addition of pre-configured packages. Currently this includes both an LDAP and a RADIUS server implementation. I believe it would be a great addition if the RADIUS implementation could be adapted to support YubiKey authentication, or alternatively if the existing YubiRADIUS implementation could be wrapped into a DSM package for Synology NAS devices. Creating a Key Validation Server package, for a fully self contained OTP service running locally off the NAS would be even better. The RADIUS service could then have the option of cloud based or local key validation (as well as standard non-Yubikey password authentication), and the key-val package could also be accessed directly via any YubiKey client API.
There are some official android/apple apps produced by Synology for accessing various NAS services too, all of which need to authenticate to the NAS. The YubiKey NEO NFD would seem a perfect enhancement here once the NAS itself supported OTP authentication.
I've seen a couple of posts suggesting YubiKey support on the Synology Forums, but thought it worth raising the subject on the Yubico boards, as readers may have more knowledge about what would be involved and consider taking up the challenge.
|