Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 417

rename does not fail when the target file is open, so that sequence of 
events would not cause this problem to arise in practice.

I don't understand the explanation for why you would open krb5.conf with 
O_NOLINKS.  Profiles are read out of well-controlled paths like 
/etc/krb5.conf or /var/krb5kdc/kdc.conf, not uncontrolled paths under /tmp.  
There is no way an attacker could redirect someone to the wrong file.