i have krb5 kdc server with ldap backend.
when i try to renew tiket i get:
$ kinit -R
kinit(v5): Ticket expired while renewing credentials

$ kinit -r 7d -l 2d
Password for f_anton@DOMAIN.MY:
$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1013_s1kvrE
Default principal: f_anton@DOMAIN.MY

Valid starting     Expires            Service principal
*08/20/10 19:54:27*  08/21/10 19:54:27  krbtgt/DOMAIN.MY@DOMAIN.MY
renew until *08/20/10 19:54:27*, Flags: RI

Valid starting = renew until.


in kadmin.local:
kadmin.local:  getprinc f_anton
[..]
Maximum ticket life: 2 days 00:00:00
Maximum renewable life: 28 days 00:00:00
[..]
Attributes:
Policy: default
kadmin.local:  getpol default
Policy: default
Maximum password life: 157766400
Minimum password life: 86400
Minimum password length: 6
Minimum number of password character classes: 2
Number of old keys kept: 3
Reference count: 2


==========
kdc.conf:

[realms]
DOMAIN.MY = {
  master_key_type = des-cbc-crc
  supported_enctypes = rc4-hmac:normal des-cbc-crc:normal
des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
  max_renewable_life = 7d 0h 0m 0s
  max_life = 2d 0h 0m 0s
  default_principal_flags = +renewable
  krbMaxTicketLife = 172800
  krbMaxRenewableAge = 604800
}

==========
krb5.conf:

[libdefaults]
default_realm = DOMAIN.MY
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 2d
renew_lifetime = 7d

[dbdefaults]
ldap_kerberos_container_dn = "cn=kerberos,ou=kdcroot,dc=domain,dc=my"

[dbmodules]
domain.my = {
    db_library = kldap
    ldap_kdc_dn = cn=kdc,ou=kdcroot,dc=domain,dc=my
    ldap_kadmind_dn = cn=kadmin,ou=kdcroot,dc=domain,dc=my
    ldap_service_password_file = /var/lib/kerberos/krb5kdc/domain.my.ldapkey
    ldap_servers = ldap://localhost/
    ldap_conns_per_server = 15
}

[realms]
DOMAIN.MY = {
    database_module = domain.my
    admin_server = server6.domain.my
    default_domain = domain.my
    kdc = server7.domain.my
    kdc = server6.domain.my
    krbMaxTicketLife = 172800
    krbMaxRenewableAge = 604800
}
=============

# rpm -qa '*krb*'
libkrb5-1.6.3-alt9
libkrb5-devel-1.6.3-alt9
krb5-ticket-watcher-1.0.2-alt3
krb5-kinit-1.6.3-alt9
krb5-kadmin-1.6.3-alt9
krb5-server-1.6.3-alt9
krb5-services-1.6.3-alt9
krb5-kdc-1.6.3-alt9
libkrb5-ldap-1.6.3-alt9
pam_krb5-3.13-alt1