<P> It is worth noting that the PAC file is issued on a per - user basis . This is a requirement in RFC 4851 sec 7.4. 4 so if a new user logs on the network from a device, a new PAC file must be provisioned first . This is one reason why it is difficult not to run EAP - FAST in insecure anonymous provisioning mode . The alternative is to use device passwords instead, but then the device is validated on the network not the user . </P> <P> EAP - FAST can be used without PAC files, falling back to normal TLS . </P> <P> EAP - FAST is natively supported in Apple OS X 10.4. 8 and newer . Cisco supplies an EAP - FAST module for Windows Vista and later operating systems which have an extensible EAPHost architecture for new authentication methods and supplicants . </P> <P> EAP Subscriber Identity Module (EAP - SIM) is used for authentication and session key distribution using the subscriber identity module (SIM) from the Global System for Mobile Communications (GSM). </P>

List and briefly define four eap authentication methods