The same issues are relevant here as in my CatOS Radius HowTo, so I repeat it here. 

"Having to configure or change passwords on hundreds or thousand of routers can be a daunting and downright boring task. So I suggest using Radius as a much more scalable solution. This gives you a central location to manage users that are allowed to access your network gear.

There is also the added benefit of individual passwords for each user, so you can always tell who did what and when. In a nutshell it makes everyone think twice about changes as, they will be tracked back to the implementor. That means less mistakes. Not that any of us make mistakes. :)"

Below is a basic configuration with redundant Radius Servers defined.  The items in red are specific to your environment.

aaa new-model

aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization console

radius-server host 192.168.1.10
radius-server host 10.10.10.5
radius-server key password