eap_config struct

ssl_ctx - TLS context This is passed to the EAP server implementation as a callback context for TLS operations.

eap_sim_db_priv - EAP-SIM/AKA database context This is passed to the EAP-SIM/AKA server implementation as a callback context.

pwd_group - The D-H group assigned for EAP-pwd If EAP-pwd is not used it can be set to zero.

pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST This parameter is used to set a key for EAP-FAST to encrypt the PAC-Opaque data. It can be set to %NULL if EAP-FAST is not used. If set, must point to a 16-octet key.

eap_fast_a_id - EAP-FAST authority identity (A-ID) If EAP-FAST is not used, this can be set to %NULL. In theory, this is a variable length field, but due to some existing implementations requiring A-ID to be 16 octets in length, it is recommended to use that length for the field to provide interoperability with deployed peer implementations.

eap_fast_a_id_len - Length of eap_fast_a_id buffer in octets.

eap_fast_a_id_info - EAP-FAST authority identifier information This A-ID-Info contains a user-friendly name for the A-ID. For example, this could be the enterprise and server names in human-readable format. This field is encoded as UTF-8. If EAP-FAST is not used, this can be set to %NULL.

eap_fast_prov - EAP-FAST provisioning modes 0 = provisioning disabled, 1 = only anonymous provisioning allowed, 2 = only authenticated provisioning allowed, 3 = both provisioning modes allowed.

pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds This is the hard limit on how long a provisioned PAC-Key can be used.

pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds This is a soft limit on the PAC-Key. The server will automatically generate a new PAC-Key when this number of seconds (or fewer) of the lifetime remains.

eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication This controls whether the protected success/failure indication (AT_RESULT_IND) is used with EAP-SIM and EAP-AKA.

tnc - Trusted Network Connect (TNC) This controls whether TNC is enabled and will be required before the peer is allowed to connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other EAP method is enabled, the peer will be allowed to connect without TNC.

wps - Wi-Fi Protected Setup context If WPS is used with an external RADIUS server (which is quite unlikely configuration), this is used to provide a pointer to WPS context data. Normally, this can be set to %NULL.

server_id - Server identity.

erp - Whether EAP Re-authentication Protocol (ERP) is enabled This controls whether the authentication server derives ERP key hierarchy (rRK and rIK) from full EAP authentication and allows these keys to be used to perform ERP to derive rMSK instead of full EAP authentication to derive MSK.