krb_match_realm patch

Greetings,
 Regarding Magnus' patch for matching against the Kerberos realm- I'd see it as much more useful as a multi-value
configurationoption. Perhaps 'krb_alt_realms' or 'krb_realms'.  This would look like: 
 Match against one, and only one, realm (does not have to be the realm the server is in, that's dealt with seperately):
krb_realms= 'ABC.COM' 
 Don't worry about the realm ever: krb_realms = '' # default, to match current krb5
 Match against multiple realms: krb_realms = 'ABC.COM, DEF.ABC.COM'
 Note that using multiple realms implies either no overlap, or that overlap means the same person.  Additionally, I
feelwe should have an explicit 'krb_strip_realm' boolean option to enable this behaviour.  If 'krb_strip_realm' is
'false'then the full user@REALM would be used.  This would mean that more complex cross-realm could also be handled by
creatingusers with user@REALM and then just roles when a given user exists in multiple realms.  I understand that we're
inbeta now but both of these are isolated and rather small changes, I believe.  Also, Magnus has indicated that he'd be
willingto adjust his patch accordingly if this is agreed to (please correct me if I'm wrong here :). 
     Thanks,
    Stephen