diff --git a/tests/common/auth_test.go b/tests/common/auth_test.go
index 31715660d81..9a0631a11e0 100644
--- a/tests/common/auth_test.go
+++ b/tests/common/auth_test.go
@@ -444,6 +444,32 @@ func TestAuthPrefixPerm(t *testing.T) {
 	})
 }
 
+func TestAuthLeaseKeepAlive(t *testing.T) {
+	testRunner.BeforeTest(t)
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(config.ClusterConfig{ClusterSize: 1}))
+	defer clus.Close()
+	cc := testutils.MustClient(clus.Client())
+	testutils.ExecuteUntil(ctx, t, func() {
+		require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth")
+		rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword)))
+
+		resp, err := rootAuthClient.Grant(ctx, 10)
+		require.NoError(t, err)
+		leaseID := resp.ID
+		require.NoError(t, rootAuthClient.Put(ctx, "key", "value", config.PutOptions{LeaseID: leaseID}))
+		_, err = rootAuthClient.KeepAliveOnce(ctx, leaseID)
+		require.NoError(t, err)
+
+		gresp, err := rootAuthClient.Get(ctx, "key", config.GetOptions{})
+		require.NoError(t, err)
+		if len(gresp.Kvs) != 1 || string(gresp.Kvs[0].Key) != "key" || string(gresp.Kvs[0].Value) != "value" {
+			t.Fatalf("want kv pair ('key', 'value') but got %v", gresp.Kvs)
+		}
+	})
+}
+
 func TestAuthRevokeWithDelete(t *testing.T) {
 	testRunner.BeforeTest(t)
 	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
@@ -475,6 +501,70 @@ func TestAuthRevokeWithDelete(t *testing.T) {
 	})
 }
 
+func TestAuthLeaseTimeToLiveExpired(t *testing.T) {
+	testRunner.BeforeTest(t)
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(config.ClusterConfig{ClusterSize: 1}))
+	defer clus.Close()
+	cc := testutils.MustClient(clus.Client())
+	testutils.ExecuteUntil(ctx, t, func() {
+		require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth")
+		rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword)))
+		resp, err := rootAuthClient.Grant(ctx, 2)
+		require.NoError(t, err)
+		leaseID := resp.ID
+		require.NoError(t, rootAuthClient.Put(ctx, "key", "val", config.PutOptions{LeaseID: leaseID}))
+		// eliminate false positive
+		time.Sleep(3 * time.Second)
+		tresp, err := rootAuthClient.TimeToLive(ctx, leaseID, config.LeaseOption{})
+		require.NoError(t, err)
+		require.Equal(t, int64(-1), tresp.TTL)
+
+		gresp, err := rootAuthClient.Get(ctx, "key", config.GetOptions{})
+		require.NoError(t, err)
+		require.Empty(t, gresp.Kvs)
+	})
+}
+
+func TestAuthLeaseGrantLeases(t *testing.T) {
+	testRunner.BeforeTest(t)
+	tcs := []testCase{
+		{
+			name:   "NoJWT",
+			config: config.ClusterConfig{ClusterSize: 1},
+		},
+		{
+			name:   "JWT",
+			config: config.ClusterConfig{ClusterSize: 1, AuthToken: defaultAuthToken},
+		},
+	}
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+			defer cancel()
+			clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(tc.config))
+			defer clus.Close()
+			cc := testutils.MustClient(clus.Client())
+
+			testutils.ExecuteUntil(ctx, t, func() {
+				require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth")
+				rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword)))
+
+				resp, err := rootAuthClient.Grant(ctx, 10)
+				require.NoError(t, err)
+
+				leaseID := resp.ID
+				lresp, err := rootAuthClient.Leases(ctx)
+				require.NoError(t, err)
+				if len(lresp.Leases) != 1 || lresp.Leases[0].ID != leaseID {
+					t.Fatalf("want %v leaseID but got %v leases", leaseID, lresp.Leases)
+				}
+			})
+		})
+	}
+}
+
 func mustAbsPath(path string) string {
 	abs, err := filepath.Abs(path)
 	if err != nil {
diff --git a/tests/e2e/ctl_v3_auth_test.go b/tests/e2e/ctl_v3_auth_test.go
index c9fd89ce877..1d86bc6360b 100644
--- a/tests/e2e/ctl_v3_auth_test.go
+++ b/tests/e2e/ctl_v3_auth_test.go
@@ -37,14 +37,6 @@ func TestCtlV3AuthFromKeyPerm(t *testing.T)  { testCtl(t, authTestFromKeyPerm) }
 func TestCtlV3AuthAndWatch(t *testing.T)     { testCtl(t, authTestWatch) }
 func TestCtlV3AuthAndWatchJWT(t *testing.T)  { testCtl(t, authTestWatch, withCfg(*e2e.NewConfigJWT())) }
 
-func TestCtlV3AuthLeaseTestKeepAlive(t *testing.T) { testCtl(t, authLeaseTestKeepAlive) }
-func TestCtlV3AuthLeaseTestTimeToLiveExpired(t *testing.T) {
-	testCtl(t, authLeaseTestTimeToLiveExpired)
-}
-func TestCtlV3AuthLeaseGrantLeases(t *testing.T) { testCtl(t, authLeaseTestLeaseGrantLeases) }
-func TestCtlV3AuthLeaseGrantLeasesJWT(t *testing.T) {
-	testCtl(t, authLeaseTestLeaseGrantLeases, withCfg(*e2e.NewConfigJWT()))
-}
 func TestCtlV3AuthLeaseRevoke(t *testing.T) { testCtl(t, authLeaseTestLeaseRevoke) }
 
 func TestCtlV3AuthRoleGet(t *testing.T)  { testCtl(t, authTestRoleGet) }
@@ -302,73 +294,6 @@ func authTestFromKeyPerm(cx ctlCtx) {
 	}
 }
 
-func authLeaseTestKeepAlive(cx ctlCtx) {
-	if err := authEnable(cx); err != nil {
-		cx.t.Fatal(err)
-	}
-
-	cx.user, cx.pass = "root", "root"
-	authSetupTestUser(cx)
-	// put with TTL 10 seconds and keep-alive
-	leaseID, err := ctlV3LeaseGrant(cx, 10)
-	if err != nil {
-		cx.t.Fatalf("leaseTestKeepAlive: ctlV3LeaseGrant error (%v)", err)
-	}
-	if err := ctlV3Put(cx, "key", "val", leaseID); err != nil {
-		cx.t.Fatalf("leaseTestKeepAlive: ctlV3Put error (%v)", err)
-	}
-	if err := ctlV3LeaseKeepAlive(cx, leaseID); err != nil {
-		cx.t.Fatalf("leaseTestKeepAlive: ctlV3LeaseKeepAlive error (%v)", err)
-	}
-	if err := ctlV3Get(cx, []string{"key"}, kv{"key", "val"}); err != nil {
-		cx.t.Fatalf("leaseTestKeepAlive: ctlV3Get error (%v)", err)
-	}
-}
-
-func authLeaseTestTimeToLiveExpired(cx ctlCtx) {
-	if err := authEnable(cx); err != nil {
-		cx.t.Fatal(err)
-	}
-
-	cx.user, cx.pass = "root", "root"
-	authSetupTestUser(cx)
-
-	ttl := 3
-	err := leaseTestTimeToLiveExpire(cx, ttl)
-	require.NoError(cx.t, err)
-}
-
-func leaseTestTimeToLiveExpire(cx ctlCtx, ttl int) error {
-	leaseID, err := ctlV3LeaseGrant(cx, ttl)
-	if err != nil {
-		return fmt.Errorf("ctlV3LeaseGrant error (%v)", err)
-	}
-
-	if err = ctlV3Put(cx, "key", "val", leaseID); err != nil {
-		return fmt.Errorf("ctlV3Put error (%v)", err)
-	}
-	// eliminate false positive
-	time.Sleep(time.Duration(ttl+1) * time.Second)
-	cmdArgs := append(cx.PrefixArgs(), "lease", "timetolive", leaseID)
-	exp := fmt.Sprintf("lease %s already expired", leaseID)
-	if err = e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, exp); err != nil {
-		return fmt.Errorf("lease not properly expired: (%v)", err)
-	}
-	if err := ctlV3Get(cx, []string{"key"}); err != nil {
-		return fmt.Errorf("ctlV3Get error (%v)", err)
-	}
-	return nil
-}
-
-func authLeaseTestLeaseGrantLeases(cx ctlCtx) {
-	cx.user, cx.pass = "root", "root"
-	authSetupTestUser(cx)
-
-	if err := leaseTestGrantLeasesList(cx); err != nil {
-		cx.t.Fatalf("authLeaseTestLeaseGrantLeases: error (%v)", err)
-	}
-}
-
 func leaseTestGrantLeasesList(cx ctlCtx) error {
 	id, err := ctlV3LeaseGrant(cx, 10)
 	if err != nil {