User Guide

Appendix B Configuration Profile Format
EAPClientConfiguration Dictionary
In addition to the standard encryption types, it's possible to specify an enterprise
profile for a given network via the "EAPClientConfiguration" key. This key is declared as
kEAPOLControlEAPClientConfiguration in <EAP8021X/EAPOLControlTypes.h>.
If present, its value is a dictionary with the following keys.
Key
  Value

UserName
  String, optional. Unless you know the exact user name, this
  property won't appear in an imported configuration. Users can
  enter this information when they authenticate.

AcceptEAPTypes
  Array of integer values. These EAP types are accepted:
  13 = TLS
  17 = LEAP
  21 = TTLS
  25 = PEAP
  43 = EAP-FAST

TLSTrustedCertificates
  Array of data values, optional. This is the list of certificates to be
  trusted for this authentication. Each data element contains the
  .cer form of the corresponding certificate.
  This key lets you craft the list of certificates that are expected for
  the given network, and avoids asking the user to dynamically
  set trust on a certificate.
  Dynamic trust (the certificate dialogue) is disabled if this
  property is specified, unless TLSAllowTrustExceptions is also
  specified with the value true (see below).

TLSTrustedServerCommonNames
  Array of string values, optional. This is the list of server certificate
  common names that will be accepted. You can use wildcards to
  specify the name, such as wpa.*.example.com. If a server
  presents a certificate that isn't in this list, it won't be trusted.
  Used alone or in combination with TLSTrustedCertificates, the
  property allows someone to carefully craft which certificates to
  trust for the given network, and avoid dynamically trusted
  certificates.
  Dynamic trust (the certificate dialogue) is disabled if this
  property is specified, unless TLSAllowTrustExceptions is also
  specified with the value true (see below).

TLSAllowTrustExceptions
  Boolean, optional. Allows/disallows a dynamic trust decision by
  the user. The dynamic trust is the certificate dialogue that
  appears when a certificate isn't trusted. If this is false, the
  authentication fails if the certificate isn't already trusted. See
  TLSTrustedCertificates and TLSTrustedServerCommonNames
  above.
  The default value of this property is true unless either
  TLSTrustedCertificates or TLSTrustedServerCommonNames is
  supplied, in which case the default value is false.
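The default rule for TLSAllowTrustExceptions is easy to misread when reviewing a profile, so the following added example (not part of the original guide) resolves the effective dynamic-trust setting of an EAPClientConfiguration dictionary and reports settings a reviewer would want to see. The function name `audit_eap`, the finding texts and the sample plist are constructed for illustration, and the code assumes that "supplied" means the key is present in the dictionary.

```python
import plistlib

# EAP type numbers listed in the table above.
EAP_TYPE_NAMES = {13: "TLS", 17: "LEAP", 21: "TTLS", 25: "PEAP", 43: "EAP-FAST"}
PIN_KEYS = ("TLSTrustedCertificates", "TLSTrustedServerCommonNames")

# Constructed sample: only the EAPClientConfiguration dictionary, not a full profile.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AcceptEAPTypes</key>
  <array><integer>25</integer><integer>99</integer></array>
  <key>TLSTrustedServerCommonNames</key>
  <array><string>wpa.*.example.com</string></array>
  <key>TLSAllowTrustExceptions</key>
  <true/>
</dict>
</plist>"""


def audit_eap(eap):
    """Return (effective TLSAllowTrustExceptions, list of findings)."""
    # Assumption: a key counts as "supplied" when it is present at all.
    pinned = any(key in eap for key in PIN_KEYS)
    # Documented default: true unless either pinning key is supplied.
    dynamic = eap.get("TLSAllowTrustExceptions", not pinned)

    findings = []
    unknown = [t for t in eap.get("AcceptEAPTypes", []) if t not in EAP_TYPE_NAMES]
    if unknown:
        findings.append(f"AcceptEAPTypes has values not in the documented list: {unknown}")
    if dynamic and pinned:
        findings.append("TLSAllowTrustExceptions=true re-enables the certificate "
                        "dialogue even though trusted certificates/names are set")
    elif dynamic:
        findings.append("no trusted certificates or server names supplied: "
                        "the user decides trust in the certificate dialogue")
    return dynamic, findings


if __name__ == "__main__":
    effective, notes = audit_eap(plistlib.loads(SAMPLE_PLIST))
    print("effective TLSAllowTrustExceptions:", effective)
    for note in notes:
        print("-", note)
```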