Share via


EAP Registry Settings (Windows Embedded CE 6.0)

1/6/2010

The setup software for the EAP dynamic-link library (DLL) can create a set of registry keys and values for the extension protocol. These keys and values should be located under the HKEY_LOCAL_MACHINE\Comm\Eap\Extension\<eaptypeid> registry path, with <eaptyeid> being the identifier of the authentication protocol.

Note

The default registry values vary, depending on which Catalog items are included in your OS design. For more information, see Windows Embedded CE topic Default Registry Settings.

The following table shows possible registry values for an EAP extension protocol.

Note

The EAP registry values Path and FriendlyName are required.

Value : type Description

ConfigData : REG_BINARY

Specifies default configuration data for the authentication protocol.

ConfigUIPath : REG_EXPAND_SZ

Specifies the path to the DLL that implements the configuration UI.

FriendlyName : REG_SZ

Specifies a friendly name for the authentication protocol. This name will appear in the Dial-up Networking user interface (UI).

IdentityPath : REG_EXPAND_SZ

Specifies the path to the DLL that implements functions to obtain the user's identity.

InteractiveUIPath : REG_EXPAND_SZ

Specifies the path to the DLL that implements the interactive UI.

InvokePasswordDialog : REG_DWORD

Specifies whether RAS should display the standard password dialog. If this value exists and is zero, RAS will not display the password dialog. The default value is 1.

InvokeUsernameDialog : REG_DWORD

Specifies whether RAS should display the standard user name dialog box, with a value of 1, or invoke RasEapGetIdentity, with a value of zero. The default value is 1.

MPPEEncryptionSupported : REG_DWORD

If this value is 1, the authentication protocol can generate keys for the Microsoft Point-to-Point Encryption (MPPE) style of encryption. Possible values are zero or 1. The default value is zero.

Path : REG_EXPAND_SZ

Specifies the path to the EAP DLL.

RequireConfigUI : REG_DWORD

Specifies whether the user must provide configuration data in the Dial-up Networking UI. If this value is 1, the user will not be allowed to exit the Dial-up Networking UI without providing configuration data. The default value is zero.

StandaloneSupported : REG_DWORD

Specifies whether this authentication protocol is supported. A value of zero indicates that the EAP is not supported. The default value is 1.

The registry path for EAP over LAN (EAPOL) authentication is HKEY_LOCAL_MACHINE\Comm\EAPOL. The following table shows possible registry values to specify for this path.

Value : type Description

AuthPeriodSeconds : REG_DWORD

Specifies the number of seconds to wait for a message from the server in the Acquired or Authenticating state. The default value is 30.

HeldPeriodSeconds : REG_DWORD

Specifies the number of seconds to wait and ignore all messages after a few failed authentications. This registry key is used to hinder brute force attacks. The default value is 60.

MaxStart : REG_DWORD

Specifies the maximum number of times to send an EAPOL_Start message while receiving no response. After this many tries and no responses, EAPOL assumes that the peer does not support 802.1x authentication, and enters the Authenticated state to allow network activity to proceed. The default value is 3.

StartPeriodSeconds : REG_DWORD

Specifies the time, in seconds, to wait before sending an EAPOL_Start message. The default value is 3.

See Also

Concepts

EAP Installation

Other Resources

Extensible Authentication Protocol