EAPHost in Windows

When an access client connects to a protected network, it must use a negotiated authentication method to verify itself to an authentication server. For example, the access client and authentication server may agree to use a specific password authentication protocol, such as Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). However, when an access […]

When an access client connects to a protected network, it must use a negotiated authentication method to verify itself to an authentication server. For example, the access client and authentication server may agree to use a specific password authentication protocol, such as Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). However, when an access client and authentication server use built-in and hardcoded authentication methods, it is difficult to add new protocols.

The Extensible Authentication Protocol (EAP) is an architectural framework that provides extensibility for authentication methods for commonly used protected network access technologies, such as IEEE 802.1X-based wireless networks and Point-to-Point Protocol (PPP) connections such as dial-up and VPN. EAP is not an authentication method like MS-CHAP v2, but rather a framework on the access client and authentication server that allows networking vendors to develop and easily install new authentication methods known as EAP methods. For more background information on EAP, see the Microsoft EAP Web page at microsoft.com/eap.

View: Full post

Microsoft, EAPHost, Windows