Yes, they will all need a unique identity as we will be using HBAC along with RBAC. This is an HPC environment with 10k+ unique systems and growing. I can explain more if you'd like. 

On Tue, Sep 1, 2020 at 7:37 PM Ben Aveling via FreeIPA-users <> wrote:
If these machines are stateless, does each new instance need a new and unique identity in IPA?

I don't know if multiple instances concurrently sharing a common identity for IPA purposes would work, but maybe have a pool of identities, and have each newly instantiated machine draw an identity from the pool?

FWIW, we have a number of machines that have a different hostname in IPA to the hostname they use on the network, and touch wood, so far it works fine.
FreeIPA-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:


Mark Potter

Senior Linux Administrator




DownUnder GeoSolutions


16200 Park Row Drive, Suite 100

Houston TX 77084, USA

tel +1 832 582 3221