Synology’s DSM has built-in MFA support, though it also has some features for external identity management. I don’t think Keycloak and so on would be compatible though.

C++ does have the problem that references are not objects, which introduces many subtle issues. For example, you cannot use a type like std::vector<int&>, so that templated code will often have to invoke std::remove_reference<T> and so on. Rust opts for a more consistent data model, but then introduces auto-deref (and the Deref trait) to get about the same usability C++ has with references and operator->. Note that C++ will implicitly chain operator-> calls until a plain pointer is reached, whereas Rust will stop dereferencing once a type with a matching method/field is found. Having deep knowledge of both languages, I’m not convinced that C++ features “straightforward consistency” here…