EAP Frequently Asked Questions
The following topic provides answers to commonly-asked questions about the EAP APIs.
|What is the lifetime of an EAP authentication?||In a typical situation the authentication consists of everything that occurs between calling the RapEapBegin and RasEapEnd functions. When a user chooses to configure an EAP provider in the RRAS snap-in, an authentication consists of everything that occurs between calling the Initialize and Uninitialize methods.
|What is "group policy"?||For a description of group policy, see Group Policy Collection.|
|Can EAP functions override configuration policy specified by group policy?||No, never. If group policy is in use, group policy settings will always override EAP configuration settings.|
|I need to warn users about invalid PIN attempts. Is it possible to capture an invalid pin code?||When the user enters the wrong PIN, Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) will send an error codes to the VPN supplicant. Once an error code is returned, the supplicant can implement its preferred retry logic.|
|What is EAP-Transport Level Security (EAP-TLS)?||EAP-TLS is a client-server protocol in which distinct certificate profiles are typically used for the client and server.For more information, see IETF RTC 2716.