There are generally two possibilities. Either you always use the password defined locally on the router, or you forward the enable request to the TACACS+ daemon and have it verify the request.
I wouldn't recommend the latter method as it introduces some additional complication at a critical place and hardly gains you anything.
As it's possible to assign a privilege level to users by the priv-lvl attribute, it's not necessary to use enable at all. IMHO, this is a better way to cope with privileges in a multi-user environment.
With "aaa authentication enable default enable", the local enable password is always used. In contrast, "aaa authentication enable default TACACS+ enable" tells the NAS to first ask the TACACS+ server to verify the enable password, and only if no answer is received, then the local enable password is used as a fallback.