What determines "external auth" vs. "local auth"

When using RT-Extension-ExternalAuth, what is the logic for
determining whether to authenticate to the external source
or via RT’s database?

Will it always try the external source and then only use
local if that was a connection failure or similar?

I hope ‘root’ never tried via external. Is that true?

When using RT-Extension-ExternalAuth, what is the logic for
determining whether to authenticate to the external source
or via RT’s database?

Will it always try the external source and then only use
local if that was a connection failure or similar?

I hope ‘root’ never tried via external. Is that true?

I suggest turning your preferred log mechanism up to ‘debug’
RT-Authen-ExternalAuth is quite chatty about who it’s asking for
information.

-kevin