Extensible Authentication Protocol (EAP) enables third-party authentication modules to interact with the PPP implementation.
EAP extends PPP by providing a standard support mechanism for authentication schemes such as token (smart) cards, Kerberos, Public Key, and S/Key. EAP responds to the increasing demand to augment authentication with third-party security devices. EAP protects secure virtual private networks (VPN) from hackers that use dictionary attacks and password guessing. EAP improves on Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
With EAP, the authentication information is not included in the information, but rather with the information. This allows remote systems to negotiate the necessary authentication before receiving or passing on any information.
The system does not directly support EAP. You can, however, use remote authentication with a Remote Authentication Dial In User Service (RADIUS) server that might support some of the additional authentication schemes described previously.