Hi,
after successfully authenticating against RADIUS using http://apps.splunk.com/app/981/ I noticed that even once the app was disabled we could still authenticate with RADIUS users (those created prior to disabling app and after).
It is not until we remove $SPLUNK_HOME/etc/system/local/authentication.conf which defines RADIUS as an authentication method that this behaviour ceases.
Cheers,
James
Unfortunately, Splunk doesn't automatically disable the authentication when the app is disabled. To do so, manually, do the following before disabling the app: open the setup page in the RADIUS authentication app, uncheck the "Enable RADIUS authentication" option and press "save".