Hello,
yes, I think you can remove the "login authentication local_authen" and then it should go over TACACS+.
If TACACS+ is not available the fallback is local user.
aaa authentication login default group tacacs+ local
What the command "aaa authentication login fallback group tacacs+ enable" should do, I don't know.
But maybe you need some commands in the AAA part for the authorization.
At the moment you have only a way for authentication.
I think something like
aaa authentication enable default group tacacs+ enable -> for moving to enable mode
aaa authorization exec default group tacacs+ local -> for starting an exec shell
is needed for authorization.
And then you can remove the command "authorization exec local_author".
Sven