Automatic cross realm tickets based on (cross)forest/domain routing table e.g. for cifs/dc.otherdomain.com@MYDOMAIN.COM should only be done based on the msDS-TrustForestTrustInfo values.
Without msDS-TrustForestTrustInfo or for external trusts the KDC
should return PRINCIPAL_UNKNOWN.
The client can still explicitly ask for the cross-realm TGT,
Windows clients seem to use the trust information they got from
netr_LogonGetDomainInfo if and how they should construct a possible
initial target principal name.
This also effects our client side code, I'll open a separate bug for that.