F5 gateways/load balancers are configured with ISE/RADIUS authentication. Radius accounts are used for access while the Radius server is up. But there is a need to maintain a local admin account for access when Radius authentication is not available. The password of the local account should be managed by a Radius master account. How to do this is documented e.g. in F5 KB 13121. The procedure is not using the standard "passwd" command and the default UNIX update script does not work. Logon with the local account does not work while Radius authentication is active, and the password cannot be verified by another account using the "su" command. Therefore the default Verify script cannot be used either to verify the current password of the local account. Is it possible to manage the local account with custom UNIX connector scripts?
It is possible to implement the non-interactive method documented in F5 KB 13121 in a custom script, and also do password verifications with a custom Verify script. The Radius master account will have to be defined in PAM and used as "other account" for password update and verification.
If you want to pursue this option, but are not familiar with customization of the scripts used by UNIX target applications yet, contact PAM Support to get you started. Per information near the bottom of documentation page Add a UNIX Target Connector, once you have custom scripts in place, you are responsible for the operation between the target application and the target endpoint.