EAP Frequently Asked Questions

The following topic provides answers to commonly-asked questions about the EAP APIs.

Question Answer
What is the lifetime of an EAP authentication? In a typical situation the authentication consists of everything that occurs between calling the RapEapBegin and RasEapEnd functions. When a user chooses to configure an EAP provider in the RRAS snap-in, an authentication consists of everything that occurs between calling the Initialize and Uninitialize methods.
What is "group policy"? For a description of group policy, see Group Policy Collection.
Can EAP functions override configuration policy specified by group policy? No, never. If group policy is in use, group policy settings will always override EAP configuration settings.
I need to warn users about invalid PIN attempts. Is it possible to capture an invalid pin code? When the user enters the wrong PIN, Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) will send an error codes to the VPN supplicant. Once an error code is returned, the supplicant can implement its preferred retry logic.
What is EAP-Transport Level Security (EAP-TLS)? EAP-TLS is a client-server protocol in which distinct certificate profiles are typically used for the client and server.For more information, see IETF RTC 2716.

Using Extensible Authentication Protocol