Extensible Authentication Protocol: Difference between revisions

Froggy (talk | contribs)
EAP Internet Key Exchange v. 2 (EAP-IKEv2): Describing the actual expected authentication combinations of IKEv2
Reverting edit(s) by 2A01:5EC0:B802:6196:B94B:9B56:F7D7:F8AF (talk) to rev. 1288312694 by Eveninglatte: Disruptive editing (RW 16.1)
 
(7 intermediate revisions by 7 users not shown)
Line 1:
{{Short description|Authentication protocol for the point-to-point protocol}}
'''Extensible Authentication Protocol''' ('''EAP''') is an authentication framework frequently used in network and internet connections. It is defined in {{IETF RFC|3748}}, which made {{IETF RFC|2284}} obsolete, and is updated by {{IETF RFC|5247}}.
EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a [[wire protocol]]; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages.
 
EAP is in wide use. For example, in [[IEEE 802.11]] (Wi-Fi) the WPA and WPA2 standards have adopted IEEE 802.1X (with various EAP types) as the canonical authentication mechanism.
 
==Methods==
Line 82:
|}
 
When automatic PAC provisioning is enabled, EAP-FAST has a slight vulnerability where an attacker can intercept the PAC and use that to compromise user credentials. This vulnerability is mitigated by manual PAC provisioning or by using server certificates for the PAC provisioning phase.
 
It is worth noting that the PAC file is issued on a per-user basis. This is a requirement in {{IETF RFC|4851}} section 7.4.4, so if a new user logs on to the network from a device, a new PAC file must be provisioned first. This is one reason why it is difficult not to run EAP-FAST in insecure anonymous provisioning mode. The alternative is to use device passwords instead, but then the device is validated on the network, not the user.
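As an added illustration that is not part of the article, the two provisioning modes described above are shown here as wpa_supplicant network blocks: the first allows anonymous in-band PAC provisioning, the second allows only authenticated provisioning with the EAP server's certificate validated against a pinned CA. The SSID, identity, password and file paths are constructed placeholders.

```conf
# Weak setting: fast_provisioning=1 allows anonymous (unauthenticated)
# in-band PAC provisioning. The PAC is delivered over a tunnel whose server
# is not authenticated, which is the interception risk the text describes.
network={
    ssid="CORP-WLAN"
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity="anonymous"
    identity="alice"
    password="placeholder-password"
    phase1="fast_provisioning=1"
    phase2="auth=MSCHAPV2"
    # PAC files are issued per user (RFC 4851 section 7.4.4), so each
    # user account on a shared device needs its own pac_file.
    pac_file="/etc/wpa_supplicant/alice.pac"
}

# Hardened setting: fast_provisioning=2 permits only authenticated
# provisioning, and ca_cert pins the CA that must have issued the EAP
# server's certificate, so the PAC can only be obtained from a server the
# client has verified. Manual (out-of-band) PAC provisioning would instead
# set fast_provisioning=0 and ship the pac_file to the client directly.
network={
    ssid="CORP-WLAN"
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity="anonymous"
    identity="alice"
    password="placeholder-password"
    ca_cert="/etc/ssl/certs/corp-eap-ca.pem"
    phase1="fast_provisioning=2"
    phase2="auth=MSCHAPV2"
    pac_file="/etc/wpa_supplicant/alice.pac"
}
```

The fast_provisioning values (0 disabled, 1 anonymous, 2 authenticated, 3 both) are wpa_supplicant's own; pairing 2 with a ca_cert is what makes the provisioning phase server-authenticated.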