diff --git a/krb5-1.7-create_on_load.patch b/krb5-1.7-create_on_load.patch
index edcddb7..5974661 100644
--- a/krb5-1.7-create_on_load.patch
+++ b/krb5-1.7-create_on_load.patch
@@ -1,115 +1,50 @@ -Modify the kdb_db2 backend so that an attempt to "load" a database will -successfully create it if it didn't already exist. The internal promotion -code appears to be built for this to happen, but doesn't always ensure -that lock files are in place before it attempts to lock them. We add -modified interfaces which allow O_CREAT to be passed in and applied in the -right paths, and change the function which promotes a temporary database -to a "real" database to do so. Other code paths shouldn't be affected. - +When we are about to rename the database, try to create one first, just in +case it's already there. Ignore errors that crop up if there's actually one +there. Pulled down from trunk. diff -up krb5-1.7/src/plugins/kdb/db2/adb_openclose.c krb5-1.7/src/plugins/kdb/db2/adb_openclose.c ---- krb5-1.7/src/plugins/kdb/db2/adb_openclose.c 2010-01-05 17:31:01.000000000 -0500 -+++ krb5-1.7/src/plugins/kdb/db2/adb_openclose.c 2010-01-05 17:42:11.000000000 -0500 -@@ -110,8 +110,8 @@ krb5_error_code osa_adb_rename_db(char * - return 0; - } - --krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename, -- char *lockfilename, int magic) -+krb5_error_code osa_adb_init_db_flags(osa_adb_db_t *dbp, char *filename, -+ char *lockfilename, int magic, int flags) - { - osa_adb_db_t db; - static struct _locklist *locklist = NULL; -@@ -198,7 +198,9 @@ krb5_error_code osa_adb_init_db(osa_adb_ - * POSIX systems - */ - lockp->lockinfo.filename = strdup(lockfilename); -- if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) { -+ if ((((flags & O_CREAT) == 0) || -+ ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "w+")) == NULL)) && -+ ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL)) { - /* - * maybe someone took away write permission so we could only - * get shared locks? 
-@@ -226,6 +228,12 @@ krb5_error_code osa_adb_init_db(osa_adb_ - return OSA_ADB_OK; - } - -+krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename, -+ char *lockfilename, int magic) -+{ -+ return osa_adb_init_db_flags(dbp, filename, lockfilename, magic, 0); -+} -+ - krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic) - { - if (db->magic != magic) diff -up krb5-1.7/src/plugins/kdb/db2/kdb_db2.c krb5-1.7/src/plugins/kdb/db2/kdb_db2.c ---- krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 15:49:47.000000000 -0500 -+++ krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 17:45:33.000000000 -0500 -@@ -298,8 +298,8 @@ krb5_db2_db_set_hashfirst(krb5_context c - * initialization for data base routines. - */ - --krb5_error_code --krb5_db2_db_init(krb5_context context) -+static krb5_error_code -+krb5_db2_db_init_flags(krb5_context context, int flags) - { - char *filename = NULL; - krb5_db2_context *db_ctx; -@@ -327,7 +327,7 @@ krb5_db2_db_init(krb5_context context) - * should be opened read/write so that write locking can work with - * POSIX systems +--- krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 18:17:24.000000000 -0500 ++++ krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 18:35:24.000000000 -0500 +@@ -1745,13 +1745,10 @@ krb5_db2_db_rename(context, from, to) + * files must exist because krb5_db2_db_lock, called below, + * will fail otherwise. 
*/ -- if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDWR, 0666)) < 0) { -+ if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDWR | (flags & O_CREAT), 0666)) < 0) { - if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDONLY, 0666)) < 0) { - retval = errno; - goto err_out; -@@ -345,8 +345,9 @@ krb5_db2_db_init(krb5_context context) - snprintf(policy_lock_name, sizeof(policy_lock_name), - "%s.lock", policy_db_name); - -- if ((retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name, -- policy_lock_name, OSA_ADB_POLICY_DB_MAGIC))) -+ if ((retval = osa_adb_init_db_flags(&db_ctx->policy_db, policy_db_name, -+ policy_lock_name, -+ OSA_ADB_POLICY_DB_MAGIC, flags))) - { - goto err_out; - } -@@ -358,6 +359,12 @@ krb5_db2_db_init(krb5_context context) - return (retval); - } - -+krb5_error_code -+krb5_db2_db_init(krb5_context context) -+{ -+ return krb5_db2_db_init_flags(context, 0); -+} +- db = k5db2_dbopen(db_ctx, to, O_RDWR|O_CREAT, 0600, 0); +- if (db == NULL) { +- retval = errno; ++ retval = krb5_db2_db_create(context, to, 0); ++ if (retval != 0 && retval != EEXIST) + goto errout; +- } +- else +- (*db->close)(db); + - /* - * gracefully shut down database--must be called by ANY program that does - * a krb5_db2_db_init -@@ -1760,7 +1767,7 @@ krb5_db2_db_rename(context, from, to) + /* + * Set the database to the target, so that other processes sharing + * the target will stop their activity, and notice the new database. 
+@@ -1764,25 +1761,6 @@ krb5_db2_db_rename(context, from, to) if (retval) goto errout; -- retval = krb5_db2_db_init(context); -+ retval = krb5_db2_db_init_flags(context, O_CREAT); - if (retval) - goto errout; - -diff -up krb5-1.7/src/plugins/kdb/db2/policy_db.h krb5-1.7/src/plugins/kdb/db2/policy_db.h ---- krb5-1.7/src/plugins/kdb/db2/policy_db.h 2010-01-05 17:24:44.000000000 -0500 -+++ krb5-1.7/src/plugins/kdb/db2/policy_db.h 2010-01-05 17:30:46.000000000 -0500 -@@ -75,6 +75,8 @@ krb5_error_code osa_adb_rename_db(char - char *fileto, char *lockto, int magic); - krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename, - char *lockfile, int magic); -+krb5_error_code osa_adb_init_db_flags(osa_adb_db_t *dbp, char *filename, -+ char *lockfile, int magic, int flags); - krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic); - krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode); - krb5_error_code osa_adb_release_lock(osa_adb_db_t db); +- { +- /* Ugly brute force hack. +- +- Should be going through nice friendly helper routines for +- this, but it's a mess of jumbled so-called interfaces right +- now. */ +- char policy[2048], new_policy[2048]; +- assert (strlen(db_ctx->db_name) < 2000); +- snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name); +- snprintf(new_policy, sizeof(new_policy), +- "%s~.kadm5", db_ctx->db_name); +- if (0 != rename(new_policy, policy)) { +- retval = errno; +- goto errout; +- } +- strlcat(new_policy, ".lock",sizeof(new_policy)); +- (void) unlink(new_policy); +- } +- + db_ctx->db_lf_name = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT); + if (db_ctx->db_lf_name == NULL) { + retval = ENOMEM;
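Review bot: The embedded hunk at `@@ -1764,25 +1761,6 @@` removes the block that renamed `<db_name>~.kadm5` to `<db_name>.kadm5` and unlinked its lock file, and nothing visible in the new patch takes over that step. Unless the trunk code handles the policy file somewhere outside these hunks, a load could leave the policy database under its temporary name, so this should be confirmed before the backport ships. In the hunk at `@@ -1745,13 +1745,10 @@` the explicit `0600` open is replaced by `krb5_db2_db_create(context, to, 0)`, whose file modes are not shown here; because these files hold principal keys, the patch description should state that the database, lock and policy files it creates remain owner-only. A comment above the new check would also help the next reader, e.g. `/* EEXIST: the target database is already in place; any other error is fatal. */`. krb5_db2_db_rename begins and ends outside both hunks.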