# challenges (by default, it accepts 2 or 3)
# result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
# protected result indication.
+# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
+# behavior:
+# * 0 = do not use cryptobinding
+# * 1 = use cryptobinding if server supports it (default)
+# * 2 = require cryptobinding
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)