You configure only TLS home servers for that realm. Realms are not home servers...
Ok, let me rephrase (and run through it)... Feel free to correct: I have a TLS-only FR service at realm1, and a TLS-only FR service at realm2 (they are *not* the same machine). When FR at realm1 receives a request for realm2, I need an entry for realm2 in proxy.conf to forward the request to realm2, correct? This is unchanged, yes? How do I configure the realm entry for realm2? With UDP it was simple: realm realm2 { authhost = ip.address:port secret = RADIUS secret } So for TLS it should look how? realm realm2 { ??? } Or do I ignore proxy.conf for that and define that somewhere else? I apologise if this is really obvious for you and not for me... I'm only used to ABFAB-based TLS home server resolution at this point. Stefan Paetow Moonshot Industry & Research Liaison Coordinator t: +44 (0)1235 822 125 gpg: 0x3FCE5142 xmpp: stefanp@jabber.dev.ja.net skype: stefan.paetow.janet jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc¹s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.