This is an old revision of the document!


User-specific boot menus

This page outlines the steps I took to implement a proof of concept comprising user authentication at preboot time and dynamically generated boot menus. The user is first presented with a login screen. The user's credentials are passed via an SSL-encrypted link to a server, which authenticates the user and then provides a boot menu containing a list of authorised boot selections. The list of boot selections can vary according to the user.

Setup (boring part)

Find a suitable Apache web server, complete with valid SSL certificate. Create a directory called “boot” on this web server. For the purpose of this documentation, I will assume that the full URI for this directory is http://my.web.server/boot.

In the “boot” directory, create a file “.htaccess” containing

  SSLRequireSSL

and a file “menu.gpxe” containing

  #!gpxe
  
  imgfree
  login
  kernel -n menu https://${username:uristring}:${password:uristring}@my.web.server/boot/vesamenu.c32 menu.php
  boot menu

Configure your DHCP server to hand out menu.gpxe as the boot file, using something like (for ISC dhcpd)1):

  filename "https://my.web.server/boot/menu.gpxe";

Download the latest syslinux tarball from http://www.kernel.org/pub/linux/utils/boot/syslinux/ and build it. Copy the files com32/menu/vesamenu.c32 and com32/modules/cmd.c322) into the “boot” directory.

Setup (interesting part)

1)
If you are using PXE-chaining, you may want to investigate the various methods for avoiding infinite loops described in the PXE chainloading HowTo.
2)
At the time of writing, cmd.c32 is not yet integrated into a syslinux release; you will need to apply the patch from http://rom.etherboot.org/share/mcb30/syslinux-cmd.patch before building syslinux, or just grab the prebuild cmd.c32 binary from http://rom.etherboot.org/share/mcb30/cmd.c32.

QR Code
QR Code appnotes:authmenus (generated for current page)