We don't support selective authentication yet, so we shouldn't silently allow domain wide authentication for such a trust.
Created attachment 14007 [details] Patches for v4-8-test
Fixed in 4.8.0rc4