I doubt this will work with radsecproxy. The configured script is executed as a file using execlp(), passing exactly one argument, the realm. Did you test it? (if any, the realm argument would always have to be last)

Also note competing PR #105

Well, I tested it in FreeRADIUS and had the hope to make the script common across both.

Maybe worth switching from execlp() to another exec() call that supports multiple arguments?

I like the idea of making the NAPTR discovery tag configurable from the radsecproxy.conf file. If this modification is to be merged, it would help OpenRoaming implementers even without my #105.

Note that the next release is planned to get native dynamic discovery (with configurable NAPTR or SRV record), without external scripts.

That sounds good for performance.
Besides, I'd like to ask you to leave the current external script calling mechanism as an option. Some use cases may require complex realm handling. For example, 3GPP adoption in OpenRoaming requires stream-editing the realm and a couple of naptr lookup trials.

yes, the existing script mechanism will be kept as-is.