The AP controls what encryption the client must use. A valid setting is one that matches what the AP expects. This is not as complicated as it seems, since the AP will advertise most of what it expects in the beacon packets that can be scanned without connecting to the AP.
Most of the standards are now considered insecure. A properly set up AP will use standard 2 with CCMP encryption (also called AES) and one of two keying methods. The first is PSK, which means Pre-Shared Key-- every client uses the same single key. This is almost always used in homes and is thus also known as WPA2-Personal.
At colleges or corporations, it is not practical to share a new key with every user and make everyone reconfigure their device any time it is necessary to kick off a bad user. The Enterprise system is based on a username with different secret credentials for each potential user. The most common variant of that system is called EAP. EAP means Extensible Authentication Protocol, so exactly what is required may change outside the WiFi standard. With these networks it is often necessary to get instructions from the administration to find out how to set up your client. Also OpenWrt does not contain support for this standard by default, but it can be added by changing from the "mini" or "basic" version of hostapd to a full one.
So as you can see it's confusing because there is still reference to obsolete standards which may still be found, but only very rarely, and lots of different names for the same thing.