RFC 3748 EAP June 2004
       7.12. Link Layer. . . . . . . . . . . . . . . . . . . . . . . 53
       7.13. Separation of Authenticator and Backend Authentication
             Server. . . . . . . . . . . . . . . . . . . . . . . . . 54
       7.14. Cleartext Passwords . . . . . . . . . . . . . . . . . . 55
       7.15. Channel Binding . . . . . . . . . . . . . . . . . . . . 55
       7.16. Protected Result Indications. . . . . . . . . . . . . . 56
   8. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 58
   9. References. . . . . . . . . . . . . . . . . . . . . . . . . . 59
       9.1. Normative References. . . . . . . . . . . . . . . . . . 59
       9.2. Informative References. . . . . . . . . . . . . . . . . 60
   Appendix A. Changes from RFC 2284. . . . . . . . . . . . . . . . . 64
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 66
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 67

1. Introduction

This document defines the Extensible Authentication Protocol (EAP),
an authentication framework which supports multiple authentication
methods. EAP typically runs directly over data link layers such as
Point-to-Point Protocol (PPP) or IEEE 802, without requiring IP. EAP
provides its own support for duplicate elimination and
retransmission, but is reliant on lower layer ordering guarantees.
Fragmentation is not supported within EAP itself; however, individual
EAP methods may support this.

EAP may be used on dedicated links, as well as switched circuits, and
wired as well as wireless links. To date, EAP has been implemented
with hosts and routers that connect via switched circuits or dial-up
lines using PPP [RFC1661]. It has also been implemented with
switches and access points using IEEE 802 [IEEE-802]. EAP
encapsulation on IEEE 802 wired media is described in [IEEE-802.1X],
and encapsulation on IEEE wireless LANs in [IEEE-802.11i].

One of the advantages of the EAP architecture is its flexibility.
EAP is used to select a specific authentication mechanism, typically
after the authenticator requests more information in order to
determine the specific authentication method to be used. Rather than
requiring the authenticator to be updated to support each new
authentication method, EAP permits the use of a backend
authentication server, which may implement some or all authentication
methods, with the authenticator acting as a pass-through for some or
all methods and peers.

Within this document, authenticator requirements apply regardless of
whether the authenticator is operating as a pass-through or not.
Where the requirement is meant to apply to either the authenticator
or backend authentication server, depending on where the EAP
authentication is terminated, the term "EAP server" will be used.

Aboba, et al. Standards Track [Page 3]