Maximum ttl_sec on Password Change Tickets

Problem statement

When creating a password change ticket, what is the maximum ttl_sec available? The ttl_sec parameter specifies the number of seconds for which the ticket is valid before it expires.

Symptoms

Tickets expire after 5 days despite setting a higher ttl_sec.

Solution

Password Change Tickets expire after 5 days when ttl_sec is set to 432000 seconds (5 days) or more, so 432000 seconds is the effective maximum.
The lifetime also defaults to 5 days if ttl_sec is left undefined or set to 0, as mentioned in the API reference.
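
The following is an added example, not code from the product or its documentation: a client-side helper that predicts the lifetime a ticket will actually receive, so that expiry dates shown to users or written to audit logs match the 5-day cap and default described above. The names plan_ticket_lifetime, TicketLifetime and MAX_TTL_SEC are hypothetical, and rejecting negative values locally is an assumption, since this page does not say how the service treats them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_TTL_SEC = 432000  # 5 days: the cap and the default described above


@dataclass(frozen=True)
class TicketLifetime:
    requested: Optional[int]   # what the caller asked for
    effective: int             # what the ticket will actually get
    clamped: bool              # True when the request exceeded the cap
    defaulted: bool            # True when ttl_sec was undefined or 0
    expires_at: datetime       # created_at + effective lifetime


def plan_ticket_lifetime(ttl_sec: Optional[int], created_at: datetime) -> TicketLifetime:
    """Hypothetical helper: predict the real lifetime of a password change ticket."""
    if isinstance(ttl_sec, bool) or (ttl_sec is not None and not isinstance(ttl_sec, int)):
        raise TypeError("ttl_sec must be an integer number of seconds or None")
    if ttl_sec is not None and ttl_sec < 0:
        # Assumption: negative values are rejected locally; the page does not
        # say how the service treats them.
        raise ValueError("ttl_sec must not be negative")

    defaulted = ttl_sec is None or ttl_sec == 0
    clamped = ttl_sec is not None and ttl_sec > MAX_TTL_SEC
    effective = MAX_TTL_SEC if (defaulted or clamped) else ttl_sec
    return TicketLifetime(ttl_sec, effective, clamped, defaulted,
                          created_at + timedelta(seconds=effective))


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample timestamp
    for requested in (None, 0, 3600, 432000, 1209600):
        plan = plan_ticket_lifetime(requested, now)
        print(requested, plan.effective, plan.clamped, plan.defaulted,
              plan.expires_at.isoformat())
```

A caller can check the clamped flag before telling a user how long a reset link remains valid.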
