diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c
index 14b0f6c59..04a6bacf2 100644
--- a/lib/krb5/keytab_file.c
+++ b/lib/krb5/keytab_file.c
@@ -367,6 +367,7 @@ fkt_start_seq_get_int(krb5_context context,
     int8_t pvno, tag;
     krb5_error_code ret;
     struct fkt_data *d = id->data;
+    const char *stdio_mode = "rb";
 
     c->fd = open (d->filename, flags);
     if (c->fd < 0) {
@@ -382,9 +383,14 @@ fkt_start_seq_get_int(krb5_context context,
 	close(c->fd);
 	return ret;
     }
-    c->sp = krb5_storage_from_fd(c->fd);
+    if ((flags & O_ACCMODE) == O_RDWR && (flags & O_APPEND))
+        stdio_mode = "ab+";
+    else if ((flags & O_ACCMODE) == O_RDWR)
+        stdio_mode = "rb+";
+    else if ((flags & O_ACCMODE) == O_WRONLY)
+        stdio_mode = "wb+";
+    c->sp = krb5_storage_stdio_from_fd(c->fd, stdio_mode);
     if (c->sp == NULL) {
-	_krb5_xunlock(context, c->fd);
 	close(c->fd);
 	return krb5_enomem(context);
     }
@@ -392,14 +398,12 @@ fkt_start_seq_get_int(krb5_context context,
     ret = krb5_ret_int8(c->sp, &pvno);
     if(ret) {
 	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
 	close(c->fd);
 	krb5_clear_error_message(context);
 	return ret;
     }
     if(pvno != 5) {
 	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
 	close(c->fd);
 	krb5_clear_error_message (context);
 	return KRB5_KEYTAB_BADVNO;
@@ -407,7 +411,6 @@ fkt_start_seq_get_int(krb5_context context,
     ret = krb5_ret_int8(c->sp, &tag);
     if (ret) {
 	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
 	close(c->fd);
 	krb5_clear_error_message(context);
 	return ret;
@@ -507,7 +510,6 @@ fkt_end_seq_get(krb5_context context,
 		krb5_kt_cursor *cursor)
 {
     krb5_storage_free(cursor->sp);
-    _krb5_xunlock(context, cursor->fd);
     close(cursor->fd);
     return 0;
 }
@@ -555,7 +557,7 @@ fkt_add_entry(krb5_context context,
 	    close(fd);
 	    return ret;
 	}
-	sp = krb5_storage_from_fd(fd);
+	sp = krb5_storage_stdio_from_fd(fd, "wb+");
 	krb5_storage_set_eof_code(sp, KRB5_KT_END);
 	ret = fkt_setup_keytab(context, id, sp);
 	if(ret) {
@@ -572,7 +574,7 @@ fkt_add_entry(krb5_context context,
 	    close(fd);
 	    return ret;
 	}
-	sp = krb5_storage_from_fd(fd);
+	sp = krb5_storage_stdio_from_fd(fd, "wb+");
 	krb5_storage_set_eof_code(sp, KRB5_KT_END);
 	ret = krb5_ret_int8(sp, &pvno);
 	if(ret) {
@@ -704,8 +706,8 @@ fkt_add_entry(krb5_context context,
     memset(keytab.data, 0, keytab.length);
     krb5_data_free(&keytab);
   out:
+    krb5_storage_fsync(sp);
     krb5_storage_free(sp);
-    _krb5_xunlock(context, fd);
     close(fd);
     return ret;
 }