the values are converted and appear to get stored in seconds (looking at
the code, maybe i misunderstand it).
You can only specify password policy for User Groups, not host groups,
so there is no way to do this currently. It also isn't that
fine-grained. The minimum lifetime is 1 hour, the minimum of the maximum
lifetime is 1 day.
I don't see why support for Host Groups (and therefore Hosts) can't be
added. I'm not 100% sure about the tuning for min/max lifetime but it
should be possible. AFAIR we convert the values from seconds to hours
Can you file a ticket at https://fedorahosted.org/freeipa/newticket ?
Freeipa-users mailing list