Extensible Authentication Protocol (EAP)
The Extensible Authentication Protocol (EAP) is an extension to the Point-to-Point Protocol (PPP) that allows arbitrary authentication methods using credential and information exchanges of arbitrary lengths. EAP was developed in response to an increasing demand for authentication methods that use other security devices, and it provides an industry-standard architecture for supporting additional authentication methods within PPP.
By using EAP, support for a number of specific authentication schemes known as EAP types may be added, including token cards, one-time passwords, public key authentication using smart cards, certificates, and others. EAP, in conjunction with strong EAP types, is a critical technology component for secure virtual private network (VPN) connections. Strong EAP types such as those based on certificates offer better security against brute-force or dictionary attacks and password guessing than password-based authentication protocols, such as CHAP or MS-CHAP.
To find out if an EAP type is being used in your organization, contact your network administrator.
Windows XP includes support for two EAP types:
EAP-TLS is a mutual authentication method, which means that both the client and the server prove their identities to each other. During the EAP-TLS exchange, the remote access client sends its user certificate and the remote access server sends its computer certificate. If either certificate is not sent or is invalid, the connection is terminated.
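To see which EAP types a server actually proposes, the Type octet of each EAP Request in a capture can be decoded. The following is an added example, not part of the original page: the Code and Type numbers are those of RFC 3748 and RFC 5216, while the category labels, function names and sample packets are constructed for illustration.

```python
import struct

# Code field values from RFC 3748.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Type values from RFC 3748 and RFC 5216; category labels are this example's own.
TYPES = {
    1: ("Identity", "no credential"),
    3: ("Nak", "no credential"),
    4: ("MD5-Challenge", "password-based"),
    5: ("One-Time Password", "one-time password"),
    6: ("Generic Token Card", "token card"),
    13: ("EAP-TLS", "certificate-based"),
}

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet; raise ValueError if it is malformed."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown Code {code}")
    # Bytes beyond Length are link-layer padding; a Length past the end is an error.
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not fit the captured bytes")
    out = dict(code=CODES[code], id=ident, type=None, category=None, data=b"")
    if code in (1, 2):  # only Request and Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without a Type octet")
        name, category = TYPES.get(packet[4], (f"type {packet[4]}", "unknown"))
        out.update(type=name, category=category, data=packet[5:length])
    return out

def offered_methods(packets) -> list:
    """Authentication methods the server proposed, in order of first use."""
    seen = []
    for p in map(parse_eap, packets):
        m = (p["type"], p["category"])
        if p["code"] == "Request" and m[1] != "no credential" and m not in seen:
            seen.append(m)
    return seen

# Constructed sample exchange (not a real capture).
SAMPLE = [
    bytes.fromhex("0101000501"),                 # Request/Identity
    bytes.fromhex("0201000a01") + b"alice",      # Response/Identity
    bytes.fromhex("010200160410") + bytes(16),   # Request/MD5-Challenge
    bytes.fromhex("02020006030d"),               # Response/Nak, asks for type 13
    bytes.fromhex("010300060d20"),               # Request/EAP-TLS, Start flag set
    bytes.fromhex("03030004"),                   # Success
]
```

Calling offered_methods(SAMPLE) lists MD5-Challenge followed by EAP-TLS, which shows a server that still proposes a password-based type before the certificate-based one.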