
Apple Adds EAP-FAST Support

If you don't know what EAP-FAST is, you don't need it. Apple's Mac OS X 10.4.8 update includes new support for a Cisco-exclusive method of logging into a wireless local area network. EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is a replacement for Cisco's LEAP (Lightweight EAP), which is still in use despite extensive documentation of its cryptographic weakness, including exploit software to extract passwords from transmitted data.

EAP methods allow a username and password or other credentials (such as a smart card swipe) to be passed through a wireless or wired gateway to a backend server that checks the credentials: that the password is valid or the smart card is authorized. Once the credentials are approved, the user is given access. Before then, they're sort of shunted to the side in a way that only allows them to petition for access. This provides a pretty high level of security.

Unfortunately, EAP by itself isn't secured, meaning that any data sent via EAP is passed in the clear. Various methods of secured EAP encrypt the authentication part, so that credentials aren't revealed to snoopers. The most widely used form of secured EAP is PEAPv0 (Protected EAP version 0), a method that's found in built-in software in Windows XP SP1 and later and in Mac OS X 10.3 and later. It's also available through free and commercial software for Windows, Linux, and handhelds.
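To make the "in the clear" point concrete, here is an added example (not part of the original post) that parses EAP packets in the RFC 3748 layout and reports which method a network is negotiating and whether an identity is readable by an observer. The method numbers come from the IANA EAP registry; the function names and the sample frames are constructed for illustration.

```python
import struct

# EAP codes and method type numbers (RFC 3748 / IANA EAP registry).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP",
           21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
TUNNELED = {21, 25, 43}   # methods that carry the credentials inside a TLS tunnel

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP length field")
    out = {"code": CODES.get(code, f"unknown({code})"), "id": ident,
           "method": None, "cleartext_identity": None, "finding": None}
    if code in (1, 2) and length >= 5:      # only Request/Response carry a Type
        mtype = packet[4]
        data = packet[5:length]             # ignore any padding past Length
        out["method"] = METHODS.get(mtype, f"type {mtype}")
        if mtype == 1 and code == 2:
            out["cleartext_identity"] = data.decode("utf-8", "replace")
            out["finding"] = "identity readable by any observer"
        elif mtype == 17:
            out["finding"] = "LEAP negotiated: no tunnel around the exchange"
        elif mtype in TUNNELED:
            out["finding"] = "tunneled method: credentials sent encrypted"
    return out

def build(code: int, ident: int, mtype=None, data: bytes = b"") -> bytes:
    """Helper (hypothetical) that assembles a sample EAP packet."""
    body = b"" if mtype is None else bytes([mtype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed sample frames, not captured traffic.
SAMPLES = [
    build(2, 1, 1, b"alice@example.org"),   # Response/Identity
    build(1, 2, 17, b"\x01\x00\x08" + b"\x00" * 8),  # LEAP request
    build(1, 3, 43, b"\x01"),               # EAP-FAST request
    build(3, 4),                            # Success (no Type field)
]

def audit(frames):
    return [parse_eap(f) for f in frames]

if __name__ == "__main__":
    for result in audit(SAMPLES):
        print(result)
```

Note that the identity response is visible even when a tunneled method follows it, which is why deployments of tunneled EAP often send an anonymous outer identity.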

Cisco has a document that describes EAP-FAST, its use, and its limitations.
