Extensible Authentication Protocol (EAP)

The Extensible Authentication Protocol (EAP) is an extension to the Point-to-Point Protocol (PPP) that allows arbitrary authentication methods using credential and information exchanges of arbitrary lengths. EAP was developed in response to an increasing demand for authentication methods that use other security devices, and it provides an industry-standard architecture for supporting additional authentication methods within PPP.

By using EAP, support for a number of specific authentication schemes known as EAP types may be added, including token cards, one-time passwords, public key authentication using smart cards, certificates, and others. EAP, in conjunction with strong EAP types, is a critical technology component for secure virtual private network (VPN) connections. Strong EAP types such as those based on certificates offer better security against brute-force or dictionary attacks and password guessing than password-based authentication protocols, such as CHAP or MS-CHAP.

To find out if an EAP type is being used in your organization, contact your network administrator.

Windows XP includes support for two EAP types:

EAP-MD5 CHAP (equivalent to the CHAP authentication protocol)

EAP-TLS (used for user certificate-based authentication)

EAP-TLS is a mutual authentication method, which means that both the client and the server prove their identities to each other. During the EAP-TLS exchange, the remote access client sends its user certificate and the remote access server sends its computer certificate. If either certificate is not sent or is invalid, the connection is terminated.

Note

During the EAP-TLS authentication process, shared secret encryption keys for Microsoft Point-to-Point Encryption (MPPE) are generated.
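The following is an added example, not part of the original help topic. It decodes EAP packets to show which EAP type a connection negotiates and how EAP-TLS carries TLS messages of arbitrary length in fragments. The field layout and type numbers follow RFC 3748 and RFC 5216; the sample packets are constructed for illustration, and the "weak" label reflects the password-based versus certificate-based distinction described above.

```python
import struct

# EAP Code and Type numbers from RFC 3748; EAP-TLS (type 13) from RFC 5216.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 5: "One-Time Password",
         6: "Generic Token Card", 13: "EAP-TLS"}
PASSWORD_BASED = {4}  # EAP-MD5 CHAP: exposed to offline dictionary attack


def parse_eap(packet: bytes) -> dict:
    """Decode one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field does not match packet size")
    info = {"code": CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code not in (1, 2):          # Success/Failure carry no Type field
        return info
    if length < 5:
        raise ValueError("Request/Response without a Type field")
    eap_type, data = packet[4], packet[5:length]
    info["type"] = TYPES.get(eap_type, f"unknown({eap_type})")
    info["weak"] = eap_type in PASSWORD_BASED
    if eap_type == 13 and data:     # EAP-TLS flags octet: L M S bits
        flags = data[0]
        info["tls"] = {"length_included": bool(flags & 0x80),
                       "more_fragments": bool(flags & 0x40),
                       "start": bool(flags & 0x20)}
        if flags & 0x80:
            if len(data) < 5:
                raise ValueError("L bit set but TLS Message Length missing")
            info["tls"]["message_length"] = struct.unpack("!I", data[1:5])[0]
    return info


# Constructed sample packets (not captured traffic).
SAMPLES = [
    bytes.fromhex("01010006" "0d20"),                        # EAP-TLS Start request
    bytes.fromhex("0202000e" "0dc0" "00000800" "16030100"),  # first fragment, 2048-byte TLS message
    bytes.fromhex("01030016" "04" "10" + "aa" * 16),         # EAP-MD5 challenge
    bytes.fromhex("03040004"),                               # Success
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(parse_eap(pkt))
```

Run against EAP frames extracted from a capture, the `weak` field identifies connections still negotiating EAP-MD5 CHAP instead of EAP-TLS.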
