Problem statement
When creating a password ticket, what is the maximum ttl_sec
available? The ttl_sec
parameter specifies the number of seconds for which the ticket is valid before expiration.
Symptoms
Tickets expire after 5 days despite setting a higher ttl_sec
.
Solution
The Password Change Tickets will expire after 5 days if ttl_sec
is set to anything >= 432000 seconds (5 days).
It will also default to 5 days if ttl_sec
is left undefined or set to 0, as mentioned in the API reference.