METHOD AND APPARATUS FOR DETERMINING AUTHENTICATION CAPABILITIES

摘要

A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client (104), for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending (130), to a supplicant (104) that is requesting access to a computer network (110) subject to authentication of a user (102) of the supplicant (104), a list of first authentication methods (112) that are supported by an authentication server (150); receiving (152), from the supplicant (104), a counter-list of second authentication methods (112) that are supported by the supplicant (104); determining how many second authentication methods in the counter-list match the first authentication methods (154); and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods (156). Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc (162-170).