Problem statement
When creating a password ticket, what is the maximum ttl_sec available? The ttl_sec parameter specifies the number of seconds for which the ticket is valid before expiration.
Symptoms
Tickets expire after 5 days despite setting a higher ttl_sec.
Solution
The Password Change Tickets will expire after 5 days if ttl_sec is set to anything >= 432000 seconds (5 days).
It will also default to 5 days if ttl_sec is left undefined or set to 0, as mentioned in the API reference.