EAP Support (Windows Embedded CE 6.0)


Windows Embedded CE supports the Extensible Authentication Protocol (EAP). EAP allows third-party authentication applications to interact with the Point-to-Point Protocol (PPP). With PPP authentication protocols, such as CHAP, MS-CHAP, and MS-CHAP v2, a specific authentication mechanism is chosen during the link establishment phase. During the connection authentication phase, the negotiated authentication protocol is used to validate the connection.

The negotiated authentication protocol consists of a fixed series of messages sent in a specific order. Unlike a PPP dial-up session, with EAP the specific authentication mechanism is not chosen during the link establishment phase of the PPP connection. Instead, each PPP peer negotiates to perform EAP authentication during the connection authentication phase. When the connection authentication phase is reached, the peers negotiate the use of a specific EAP authentication scheme known as an EAP type.

After the peers have agreed on an EAP type, EAP allows an open-ended exchange of messages between the access client and the authenticating server (the RADIUS server). This exchange can vary based on the parameters of the connection. The conversation consists of requests for authentication information and the responses to them. The length and detail of the authentication conversation depend on the EAP type.
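
The EAP type negotiation described above can be followed from the packet headers alone. The following is an added example, not part of the original documentation or of Windows Embedded CE; the packet layout and the Code and Type numbers are taken from RFC 3748 and RFC 5216, and the sample exchange is constructed and abbreviated.

```python
import struct

# Code and Type numbers are from RFC 3748 / RFC 5216; they are not listed on the page.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
IDENTITY, NAK, MD5_CHALLENGE, EAP_TLS = 1, 3, 4, 13

def parse_eap(packet: bytes):
    """Return (code, identifier, eap_type, type_data) for one EAP packet."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (REQUEST, RESPONSE, SUCCESS, FAILURE):
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not fit the packet")
    body = packet[4:length]          # bytes past Length are link-layer padding
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    if not body:
        raise ValueError("Request/Response without a Type byte")
    return code, ident, body[0], body[1:]

def follow_negotiation(packets):
    """Track which EAP type the server offers and how the client answers."""
    offered, result = None, {"agreed": None, "refused": [], "success": False}
    for raw in packets:
        code, ident, eap_type, data = parse_eap(raw)
        if code == REQUEST and eap_type >= MD5_CHALLENGE:
            offered = (ident, eap_type)            # server proposes a method
        elif code == RESPONSE and offered and ident == offered[0]:
            if eap_type == NAK:                    # client lists types it accepts
                result["refused"].append((offered[1], list(data)))
            elif eap_type == offered[1]:
                result["agreed"] = eap_type
            offered = None
        elif code == SUCCESS:
            result["success"] = result["agreed"] is not None
    return result

# Constructed sample exchange (abbreviated; payloads are dummy bytes).
SAMPLE = [bytes.fromhex(h) for h in (
    "0101000501",                    # Request/Identity
    "020100090175736572",            # Response/Identity "user"
    "010200160410" + "aa" * 16,      # Request/MD5-Challenge
    "02020006030d",                  # Response/Nak, client wants type 13
    "010300060d20",                  # Request/EAP-TLS (Start flag)
    "020300060d00",                  # Response/EAP-TLS
    "03030004",                      # Success
)]

if __name__ == "__main__":
    print(follow_negotiation(SAMPLE))
```

In the sample, the server first offers MD5-Challenge, the client answers with a Nak listing type 13, and the peers settle on EAP-TLS before Success is sent.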

Architecturally, EAP is designed to allow authentication plug-in applications at both the access client and authenticating server ends of a connection. To add support for a new EAP type, you must install an EAP type library file on both the access client and the authenticating server. This extensibility presents vendors with the opportunity to supply a new authentication scheme at any time.

You can use EAP to support authentication schemes such as Generic Token Card, One Time Password (OTP), MD5-Challenge, and Transport Layer Security (TLS) for smart card and certificate support.

Windows Embedded CE only supports client certificates using its wireless authentication components. Machine certificates are not supported.

In addition to support within PPP, EAP is also supported within the IEEE 802 link layer. IEEE 802.1x defines how EAP is used for authentication by IEEE 802 devices, including IEEE 802.11b wireless APs and Ethernet switches. IEEE 802.1x differs from PPP in that only EAP authentication methods are supported.

Windows Embedded CE supports the following EAP protocols:
