EAP Registry Settings (Windows Embedded CE 6.0)
1/6/2010
The setup software for the EAP dynamic-link library (DLL) can create a set of registry keys and values for the extension protocol. These keys and values should be located under the HKEY_LOCAL_MACHINE\Comm\Eap\Extension\<eaptypeid> registry path, where <eaptypeid> is the identifier of the authentication protocol.
Note
The default registry values vary, depending on which Catalog items are included in your OS design. For more information, see the Windows Embedded CE topic Default Registry Settings.
The following table shows possible registry values for an EAP extension protocol.
Note
The EAP registry values Path and FriendlyName are required.
Value : type | Description |
---|---|
ConfigData : REG_BINARY | Specifies default configuration data for the authentication protocol. |
ConfigUIPath : REG_EXPAND_SZ | Specifies the path to the DLL that implements the configuration UI. |
FriendlyName : REG_SZ | Specifies a friendly name for the authentication protocol. This name will appear in the Dial-up Networking user interface (UI). |
IdentityPath : REG_EXPAND_SZ | Specifies the path to the DLL that implements functions to obtain the user's identity. |
InteractiveUIPath : REG_EXPAND_SZ | Specifies the path to the DLL that implements the interactive UI. |
InvokePasswordDialog : REG_DWORD | Specifies whether RAS should display the standard password dialog. If this value exists and is zero, RAS will not display the password dialog. The default value is 1. |
InvokeUsernameDialog : REG_DWORD | Specifies whether RAS should display the standard user name dialog box, with a value of 1, or invoke RasEapGetIdentity, with a value of zero. The default value is 1. |
MPPEEncryptionSupported : REG_DWORD | If this value is 1, the authentication protocol can generate keys for the Microsoft Point-to-Point Encryption (MPPE) style of encryption. Possible values are zero or 1. The default value is zero. |
Path : REG_EXPAND_SZ | Specifies the path to the EAP DLL. |
RequireConfigUI : REG_DWORD | Specifies whether the user must provide configuration data in the Dial-up Networking UI. If this value is 1, the user will not be allowed to exit the Dial-up Networking UI without providing configuration data. The default value is zero. |
StandaloneSupported : REG_DWORD | Specifies whether this authentication protocol is supported. A value of zero indicates that the EAP is not supported. The default value is 1. |
The registry path for EAP over LAN (EAPOL) authentication is HKEY_LOCAL_MACHINE\Comm\EAPOL. The following table shows possible registry values to specify for this path.
Value : type | Description |
---|---|
AuthPeriodSeconds : REG_DWORD | Specifies the number of seconds to wait for a message from the server in the Acquired or Authenticating state. The default value is 30. |
HeldPeriodSeconds : REG_DWORD | Specifies the number of seconds to wait and ignore all messages after a few failed authentications. This registry key is used to hinder brute force attacks. The default value is 60. |
MaxStart : REG_DWORD | Specifies the maximum number of times to send an EAPOL_Start message while receiving no response. After this many tries and no responses, EAPOL assumes that the peer does not support 802.1x authentication, and enters the Authenticated state to allow network activity to proceed. The default value is 3. |
StartPeriodSeconds : REG_DWORD | Specifies the time, in seconds, to wait before sending an EAPOL_Start message. The default value is 3. |
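
The following is an added example, not part of the original documentation: a Python audit of a registry fragment against the two tables above, checking the required extension values and the EAPOL hold-off settings. It assumes the settings are available as .reg-style text with hexadecimal dword data; the type id 99 and the DLL name in the sample are constructed placeholders, and parse_reg and audit are hypothetical helper names.

```python
import re

# Defaults for HKEY_LOCAL_MACHINE\Comm\EAPOL, taken from the table above.
EAPOL_DEFAULTS = {"AuthPeriodSeconds": 30, "HeldPeriodSeconds": 60,
                  "MaxStart": 3, "StartPeriodSeconds": 3}
EXT_PREFIX = "hkey_local_machine\\comm\\eap\\extension\\"
EAPOL_KEY = "hkey_local_machine\\comm\\eapol"
REQUIRED = ("Path", "FriendlyName")  # the two values the page marks as required

# Constructed sample: the type id 99 and the DLL name are placeholders.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Comm\Eap\Extension\99]
    "Path"="\\Windows\\example_eap.dll"
    "InvokePasswordDialog"=dword:0
[HKEY_LOCAL_MACHINE\Comm\EAPOL]
    "HeldPeriodSeconds"=dword:5
    "MaxStart"=dword:1
'''

def parse_reg(text):
    """Parse .reg-style text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"([^"]+)"\s*=\s*(.+)$', line)
        if m and current is not None:
            name, raw = m.groups()
            if raw.lower().startswith("dword:"):
                current[name] = int(raw[6:], 16)  # assumption: dword data is hex
            else:
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def audit(text):
    """Return (findings, effective EAPOL settings) for a registry fragment."""
    keys, findings = parse_reg(text), []
    for key, values in keys.items():
        if key.startswith(EXT_PREFIX):
            findings += [f"{key}: required value {n} is missing"
                         for n in REQUIRED if not values.get(n)]
    eapol = {**EAPOL_DEFAULTS, **keys.get(EAPOL_KEY, {})}  # page defaults fill gaps
    if eapol["HeldPeriodSeconds"] < EAPOL_DEFAULTS["HeldPeriodSeconds"]:
        findings.append("HeldPeriodSeconds below default: shorter hold-off after failed authentications")
    if eapol["MaxStart"] < EAPOL_DEFAULTS["MaxStart"]:
        findings.append("MaxStart below default: fewer unanswered EAPOL_Start tries before Authenticated state")
    return findings, eapol

if __name__ == "__main__": print("\n".join(audit(SAMPLE)[0]))
```

Values that are absent from the fragment are reported with the defaults listed in the EAPOL table, so the returned settings reflect what the page says takes effect.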