Extensible authentication protocol

The Extensible Authentication Protocol (EAP) is a protocol designed to support multiple authentication methods.

EAP specifies the structure of an authentication communication between a client and an authentication server, without defining the content of the authentication data. This content is defined by the specific EAP method that is used for authentication. Common EAP methods include:

  • MD5-challenge
  • One-time password
  • Generic token card
  • Transport layer security (TLS)

RADIUS takes advantage of EAP by specifying RADIUS attributes that are used to transfer EAP data between the RADIUS server and its clients. This EAP data can then be sent by the RADIUS server directly to back-end servers that implement the various EAP authentication methods.

The AIX® RADIUS server supports only the EAP-TLS and MD5-challenge EAP methods.
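To make the RADIUS-to-EAP mapping concrete, the following added example (not AIX or IBM code) reassembles an EAP packet from the RADIUS attributes of a packet, decodes its header, and reports whether the method is one of the two named above. Assumptions not taken from this page: the attribute numbers EAP-Message (79) and Message-Authenticator (80) come from RFC 3579, the EAP code and type numbers from RFC 3748, and the sample packet, including the user name `alice`, is constructed.

```python
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # RADIUS attribute types (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 5: "One-Time Password",
             6: "Generic Token Card", 13: "EAP-TLS"}
AIX_SUPPORTED = {"MD5-Challenge", "EAP-TLS"}  # the two methods the page names

def radius_attributes(packet):
    """Yield (type, value) for each attribute after the 20-byte RADIUS header."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def inspect_eap(packet):
    """Reassemble the EAP-Message attributes in order and decode the EAP header."""
    attrs = list(radius_attributes(packet))
    eap = b"".join(value for atype, value in attrs if atype == EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP packet in EAP-Message attributes")
    code, identifier, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length does not match reassembled data")
    # Only Request (1) and Response (2) packets carry a Type octet.
    name = EAP_TYPES.get(eap[4], f"type {eap[4]}") if code in (1, 2) and length > 4 else None
    return {"code": EAP_CODES.get(code, f"code {code}"), "identifier": identifier,
            "type": name, "aix_supported_method": name in AIX_SUPPORTED,
            # Presence only; verifying the HMAC-MD5 value needs the shared secret.
            "has_message_authenticator": any(t == MESSAGE_AUTHENTICATOR for t, _ in attrs)}

def sample_packet(eap_type=4):
    """Constructed Access-Request: an EAP Response split over two EAP-Message attributes."""
    attr = lambda atype, value: bytes([atype, len(value) + 2]) + value
    eap = struct.pack("!BBH", 2, 7, 22) + bytes([eap_type, 16]) + bytes(16)
    attrs = (attr(1, b"alice") + attr(EAP_MESSAGE, eap[:10])
             + attr(EAP_MESSAGE, eap[10:]) + attr(MESSAGE_AUTHENTICATOR, bytes(16)))
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(inspect_eap(sample_packet()))
```

A request whose decoded type is outside the supported set, or that carries EAP-Message without Message-Authenticator, is worth flagging when reviewing RADIUS traffic or server logs.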

You can set the EAP method used for authentication on a per-user basis by setting a value in the user's entry in either the local database or LDAP.

By default, EAP is turned off for each user.