56 Appendix B Configuration Profile Format
For 802.1X enterprise networks, the EAP Client Configuration Dictionary must be
provided.
EAPClientConfiguration Dictionary
In addition to the standard encryption types, it is also possible to specify an enterprise
profile for a given network via the “EAPClientConfiguration” key. This key is declared as
kEAPOLControlEAPClientConfiguration in <EAP8021X/EAPOLControlTypes.h>.
If present, its value is a dictionary with the following keys.
EncryptionType String. The possible values for “EncryptionType” are “WEP”, “WPA”,
or “Any”. “WPA” corresponds to WPA and WPA2 and applies to
both encryption types. Make sure that these values exactly
match the capabilities of the network access point. If you’re
unsure about the encryption type, or would prefer that it applies
to all encryption types, use the value “Any”.
Password String, optional. The absence of a password doesn’t prevent the
network from being added to the list of known networks. The
user is eventually prompted to provide the password when
connecting to that network.
Key Value
Key Value
UserName String, optional. Unless you know the exact user name, this
property won’t appear in an imported configuration. Users can
enter this information when they authenticate.
AcceptEAPTypes Array of integer values. These EAP types are accepted.:
13 = TLS
17 = LEAP
21 = TTLS
25 = PEAP
43 = EAP-FAST
TLSTrustedCertificates Array of data values, optional. This is the list of certificates to be
trusted for this authentication. Each data element contains the
.cer form of the corresponding certificate.
This key lets you craft the list of certificates that are expected for
the given network, and avoids asking the user to dynamically
set trust on a certificate.
Dynamic trust (the certificate dialogue) is disabled if this
property is specified, unless TLSAllowTrustExceptions is also
specified with the value true (see below).