FreeRadius licensing and distribution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I have a FreeRadius licensing/distribution question to which I have not been able to find a definitive answer in the archives. The text of the GPL is also a little confusing to me in the context of my question. I was hoping someone could shed some light on it for me. (The closest I've come was the TinyPEAP discussion from a couple of years ago. If I've overlooked it, please point me to the appropriate thread.) Here's the scenario in question: (*) A new authentication 'rlm_something' module is created by a party outside of FreeRadius.org. The module takes the supplied credentials and authenticates them in some fashion (e.g. via proxying to some other standalone AAA server). (*) The module is distributed as part of the aforementioned commercial AAA server distribution (*) In order to streamline deployment for the customers, FreeRadius (unmodified) is also distributed Questions: (*) Can this be legally done? (*) If not, what would need to happen to make the above scenario feasible? (*) If the above rlm_ module depends on some external SDKs (unrelated to FreeRadius) and its source is contributed to FreeRadius, does the source to the SDK need to be contributed as well? (*) In general, what is the process for contributing an rlm_ module and incorporating it in the 'standard' FreeRadius distribution? The bottom line is that I'd like to support FreeRadius in my commercial product and distribute FreeRadius as a convenience to customers. What should I do to keep everyone happy? Thank you in advance, Alex -----BEGIN PGP SIGNATURE----- Version: Hush 2.5 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQECAAYFAkXd6mYACgkQvpBOcPZOnQAB1gP5AUiWrIAbqHYqyYoEim+ubGQDJCfK t5gu0qLjmgiWYuycDBjBZVX7CsqyR0/R2/BQHYhag7fzfTiHZT10uYBYdVLjRdg67Me9 qQDp7CQW3hiOHn4hhcTg3sNMtDD/CLqXErXK4zfrwvAEGbBQed0LFwoTsYQTHAP4H7sb 4WMnwlM= =dDBz -----END PGP SIGNATURE----- -- Click to consolidate debt and lower month expenses http://tagline.hushmail.com/fc/CAaCXv1QPxbT6krRi1E0nUQ5wQ0WtfAQ/
devquest@hushmail.com wrote:
I have a FreeRadius licensing/distribution question to which I have not been able to find a definitive answer in the archives.
You can also see the FSF FAQ about the GPL. Information on the GPL license, including distribution, etc. is widely available. There is little in the way of discussions specific to FreeRADIUS, because the license is just the GPL, there's nothing special about it.
(*) A new authentication 'rlm_something' module is created by a party outside of FreeRadius.org. The module takes the supplied credentials and authenticates them in some fashion (e.g. via proxying to some other standalone AAA server). (*) The module is distributed as part of the aforementioned commercial AAA server distribution (*) In order to streamline deployment for the customers, FreeRadius (unmodified) is also distributed
Questions: (*) Can this be legally done?
There are restrictions, but yes. The module MUST be licensed under the GPL, as it is a derivative work of FreeRADIUS. At that point, you might as well submit the module to us for inclusion in the main release.
(*) If the above rlm_ module depends on some external SDKs (unrelated to FreeRadius) and its source is contributed to FreeRadius, does the source to the SDK need to be contributed as well?
Not necessarily. For example, the FreeRADIUS modules depend on libc, which is proprietary in many OS's. If the libraries needed by a module are normally part of the OS, then the source does not have to be contributed back. If, however, the libraries are not part of the OS, but are part of the application you're selling along with FreeRADIUS, then you have a choice: a) distribute the source to the libraries, too. Likely under the GPL b) do not distribute FreeRADIUS or the module you're adding.
(*) In general, what is the process for contributing an rlm_ module and incorporating it in the 'standard' FreeRadius distribution?
http://bugs.freeradius.org. Send a patch.
The bottom line is that I'd like to support FreeRadius in my commercial product and distribute FreeRadius as a convenience to customers. What should I do to keep everyone happy?
Money, bags and bags of money. :) Barring that, source code. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On February 23, 2007 9:46:21 AM +0100 Alan DeKok <aland@deployingradius.com> wrote:
devquest@hushmail.com wrote:
(*) Can this be legally done?
There are restrictions, but yes. The module MUST be licensed under the GPL, as it is a derivative work of FreeRADIUS. At that point, you might as well submit the module to us for inclusion in the main release.
Is a FR module a derivative work or just a "user" of FR in the sense that FR is a framework for such modules?
(*) If the above rlm_ module depends on some external SDKs (unrelated to FreeRadius) and its source is contributed to FreeRadius, does the source to the SDK need to be contributed as well?
Not necessarily. For example, the FreeRADIUS modules depend on libc, which is proprietary in many OS's. If the libraries needed by a module are normally part of the OS, then the source does not have to be contributed back. If, however, the libraries are not part of the OS, but are part of the application you're selling along with FreeRADIUS, then you have a choice:
a) distribute the source to the libraries, too. Likely under the GPL b) do not distribute FreeRADIUS or the module you're adding.
c) be sole copyright holder of the new module and don't worry about the libraries. FR links to openssl, I don't hear anyone complaining. -frank
On Sat 24 Feb 2007 04:03, Frank Cusack wrote:
On February 23, 2007 9:46:21 AM +0100 Alan DeKok
<aland@deployingradius.com> wrote:
devquest@hushmail.com wrote:
(*) Can this be legally done?
There are restrictions, but yes. The module MUST be licensed under the GPL, as it is a derivative work of FreeRADIUS. At that point, you might as well submit the module to us for inclusion in the main release.
Is a FR module a derivative work or just a "user" of FR in the sense that FR is a framework for such modules?
(*) If the above rlm_ module depends on some external SDKs (unrelated to FreeRadius) and its source is contributed to FreeRadius, does the source to the SDK need to be contributed as well?
Not necessarily. For example, the FreeRADIUS modules depend on libc, which is proprietary in many OS's. If the libraries needed by a module are normally part of the OS, then the source does not have to be contributed back. If, however, the libraries are not part of the OS, but are part of the application you're selling along with FreeRADIUS, then you have a choice:
a) distribute the source to the libraries, too. Likely under the GPL b) do not distribute FreeRADIUS or the module you're adding.
c) be sole copyright holder of the new module and don't worry about the libraries.
FR links to openssl, I don't hear anyone complaining.
OpenSSL is distributed as part of the operating system for almost all platforms that freeradius builds on... -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
Frank Cusack wrote:
Is a FR module a derivative work or just a "user" of FR in the sense that FR is a framework for such modules?
My belief is that the modules are useless without FreeRADIUS, therefore they are dependent on it, and derive their functionality from it. As FreeRADIUS is licensed under the GPL, anything that is derived from it must also be GPL'd. Note that glibc is LGPL's for precisely this reason. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (4)
-
Alan DeKok -
devquest@hushmail.com -
Frank Cusack -
Peter Nixon