When using RT-Extension-ExternalAuth, what is the logic for determining whether to authenticate to the external source or via RT's database? Will it always try the external source and then only use local if that was a connection failure or similar? I hope 'root' never tried via external. Is that true?