This is an old revision of the document!

User-specific boot menus

This page outlines the steps I took to implement a proof of concept comprising user authentication at preboot time and dynamically generated boot menus. The user is first presented with a login screen. The user's credentials are passed via an SSL-encrypted link to a server, which authenticates the user and then provides a boot menu containing a list of authorised boot selections. The list of boot selections can vary according to the user.

Setup (boring part)

Find a suitable Apache web server, complete with valid SSL certificate. Create a directory called “boot” on this web server. For the purpose of this documentation, I will assume that the full URI for this directory is http://my.web.server/boot.

In the “boot” directory, create a file “.htaccess” containing


and a file “menu.gpxe” containing

  kernel -n menu https://${username:uristring}:${password:uristring}@my.web.server/boot/vesamenu.c32 menu.php
  boot menu

Download the latest syslinux tarball from and build it. Copy the files com32/menu/vesamenu.c32 and com32/modules/cmd.c321) into the “boot” directory.

Configure your DHCP server to hand out menu.gpxe as the boot file, using something like (for ISC dhcpd):

  filename "https://my.web.server/boot/menu.gpxe";

Setup (interesting part)

At the time of writing, cmd.c32 is not yet integrated into a syslinux release; you will need to apply the patch from before building syslinux, or just grab the prebuild cmd.c32 binary from

QR Code
QR Code appnotes:authmenus (generated for current page)