I am having some trouble characterizing this patch. There are two changes to error-handling in the KDC code, and then a change to lib/kdb/kdb_default.c to avoid leaking keytab objects. All of the changes look fine; they just don't seem terribly related.