Currently, global locks cannot apply an autoblock and only prevent users from logging in. It would be beneficial to add a "global block" option to this, so that the autoblock can be applied. Currently stewards need to use CheckUser to find the IP address and then separately globally block it, which is public and usually results in an easy connection of account --> IP.
I was testing with centralauth today as a result of [[T47094]], and found out that the "oversight" option of centralauth already does this with a hideuser block. Could a feature be built off of the existing infrastructure to allow for global blocking through centralauth without oversight, in the same way that currently exists? This should be separate from global locking.