The mit kerberos libraries have the function krb5_aname_to_localname() which allows the mapping of foreign principals into local user accounts. This could be used to allow mapping of trusted kerberos (AD forrests) into local user accounts.
MIT only functions are avoided to maintain porability with Heimdal. Plus you can do this king of thing with a username map. No one has decided to work on this in a year. Closing as later.