The mit kerberos libraries have the function krb5_aname_to_localname() which
allows the mapping of foreign principals into local user accounts. This could
be used to allow mapping of trusted kerberos (AD forrests) into local user
MIT only functions are avoided to maintain porability with Heimdal.
Plus you can do this king of thing with a username map.
No one has decided to work on this in a year. Closing as later.