The following code in krb5_rc_io_creat() should be replaced with mkstemp():

	if (asprintf(&d->fn, "%s%skrb5_RC%daaa",
		     dir, PATH_SEPARATOR, (int) UNIQUE) < 0) {
	    d->fn = NULL;
	    return KRB5_RC_IO_MALLOC;
	}
	c = d->fn + strlen(d->fn) - 3;
	while ((d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC |
				       O_EXCL | O_BINARY, 0600)) == -1)	{
	    if ((c[2]++) == 'z') {
		c[2] = 'a';
		if ((c[1]++) == 'z') {
		    c[1] = 'a';
		    if ((c[0]++) == 'z')
			break; /* sigh */
		}
	    }
	}