EAP Frequently Asked Questions
The following topic provides answers to commonly-asked questions about the EAP APIs.
| Question | Answer |
|---|---|
| What is the lifetime of an EAP authentication? | In a typical situation the authentication consists of everything that occurs between calling the RapEapBegin and RasEapEnd functions. When a user chooses to configure an EAP provider in the RRAS snap-in, an authentication consists of everything that occurs between calling the Initialize and Uninitialize methods. |
| What is "group policy"? | For a description of group policy, see Group Policy Collection. |
| Can EAP functions override configuration policy specified by group policy? | No, never. If group policy is in use, group policy settings will always override EAP configuration settings. |
| I need to warn users about invalid PIN attempts. Is it possible to capture an invalid pin code? | When the user enters the wrong PIN, Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) will send an error codes to the VPN supplicant. Once an error code is returned, the supplicant can implement its preferred retry logic. |
| What is EAP-Transport Level Security (EAP-TLS)? | EAP-TLS is a client-server protocol in which distinct certificate profiles are typically used for the client and server.For more information, see IETF RTC 2716. |