This is an old revision of the document!
====== User-specific boot menus ====== This page outlines the steps I took to implement a proof of concept comprising user authentication at preboot time and dynamically generated boot menus. The user is first presented with a login screen. The user's credentials are passed via an SSL-encrypted link to a server, which authenticates the user and then provides a boot menu containing a list of authorised boot selections. The list of boot selections can vary according to the user. ===== Setup (boring part) ===== Find a suitable Apache web server, complete with valid SSL certificate. Create a directory called "boot" on this web server. For the purpose of this documentation, I will assume that the full URI for this directory is //%%http://my.web.server/boot%%//. In the "boot" directory, create a file ".htaccess" containing SSLRequireSSL and a file "menu.gpxe" containing #!gpxe imgfree login kernel -n menu https://${username:uristring}:${password:uristring}@my.web.server/boot/vesamenu.c32 menu.php boot menu Download the latest //syslinux// tarball from [[http://www.kernel.org/pub/linux/utils/boot/syslinux/]] and build it. Copy the files //com32/menu/vesamenu.c32// and //com32/modules/cmd.c32//((At the time of writing, //cmd.c32// is not yet integrated into a //syslinux// release; you will need to apply the patch from [[http://rom.etherboot.org/share/mcb30/syslinux-cmd.patch]] before building //syslinux//, or just grab the prebuild //cmd.c32// binary from [[http://rom.etherboot.org/share/mcb30/cmd.c32]].)) into the "boot" directory. Configure your DHCP server to hand out //menu.gpxe// as the boot file, using something like (for ISC dhcpd): filename "https://my.web.server/boot/menu.gpxe"; ===== Setup (interesting part) =====