Extensible Authentication Protocol

The Extensible Authentication Protocol (EapHost) service provides network authentication in such scenarios as 802.1x wired and wireless, virtual private network (VPN), and Network Access Protection (NAP). The Extensible Authentication Protocol (EAP) also provides APIs that are used by network access clients, including wireless and VPN clients, during the authentication process.

EAP supports authentication schemes such as Generic Token Card, One Time Password (OTP), Message Digest 5 (MD5)-Challenge, Transport Layer Security (TLS) for smart card and digital certificate-based authentication, and future authentication technologies. EAP is a critical technology component for establishing secure connections. If you disable this service, the computer is prevented from accessing networks that require EAP authentication.

This service is installed by default and its startup type is Manual. When the Extensible Authentication Protocol service is started in its default configuration, it logs on by using the Local System account.

The Extensible Authentication Protocol service is dependent upon the following system components:

  • CNG Key Isolation
  • Remote Procedure Call (RPC)
  • DCOM Server Process Launcher
  • RPC Endpoint Mapper

The following components are dependent upon the Extensible Authentication Protocol service:

  • Wired AutoConfig
  • WLAN AutoConfig

Related content