You can extend the lifetime of FIM CM OTP's.
All that needs to be done is:
- Select the Custom Password Provider option in your policy
- set the type to Microsoft.CLM.BusinessLayer.DefaultSecretProvider
- the Password provider data controls the OTP generation.
the format is in the form of
- numberofotp can be 0,1 or two
- i did not see a technical limit (yeah its possibly an int32, so there IS a limit) for length or lifetime
- 1,8,40 will generate one OTP with a length of '8' and a lifetime of 40 days
- 2.8.8,40 will generate two OTPs, both with a length of 8 and a lifetime of 40 days
It seems that adding 'm' to the lifetime will make it minutes, not days.