About Extensible Authentication Protocol (EAP)

[This is preliminary documentation and subject to change.]

Support for the Extensible Authentication Protocol (EAP) is available on Microsoft® Windows NT® Version 5.0 or later. EAP improves on previous authentication protocols such as Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Windows NT continues to support these earlier authentication protocols as well.

EAP allows third-party authentication modules to interact with the Windows NT Remote Access Service (RAS) Point to Point Protocol (PPP) implementation. EAPs availability on Windows NT is in response to increasing demand to augment RAS authentication with third-party security devices. EAP is an extension to PPP, providing a standard support mechanism for authentication schemes such as token cards, Kerberos, Public Key, and S/Key. EAP is fully supported on both the Windows NT Dial-Up Server and the Dial-Up Networking Client. EAP is a critical technology component for secure Virtual Private Networks (VPN), protecting them against brute force or dictionary attacks and password guessing.