Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

EAP is a framework for extending authentication techniques in PPP (Point-to-Point Protocol). PPP is designed to transport datagrams over a point-to-point link. It is commonly used for dial-up connections. EAP is discussed in RFC 2284 (PPP Extensible Authentication Protocol, March 1998).

Internet users use PPP when they dial into a remote access server. Built into PPP is a Link Control Protocol (LCP) that establishes a link between the systems. LCP can then optionally negotiate an authentication protocol that authenticates the user. The traditional authentication method has been either PAP or CHAP (PAP is not considered secure). RADIUS servers are typically used to authenticate users.

What EAP does is open up the possibilities to use a range of new authentication protocols, including token cards, one-time passwords, and biometric techniques.

RFC 2716 (PPP EAP TLS Authentication Protocol, October 1999) describes how EAP works with TLS (Transport Layer Security), which defines high levels of mutual authentication, key exchange, and integrity-protected negotiations of security protocols.

EAPOE (Extensible Authentication Protocol Over Ethernet) is an IEEE development that extends the benefits of EAP to LANs, including the ability to authenticate users with a variety of protocols.