DOCS-71:Update authentication.adoc (#1317)

Feediver1 · web-flow · commit ddbfe2d91306 · 2025-08-15T11:11:11.000-05:00
diff --git a/modules/manage/partials/authentication.adoc b/modules/manage/partials/authentication.adoc
@@ -1379,6 +1379,8 @@ Before enabling authentication for the HTTP APIs, you must <<sasl,enable SASL au
 
 ==== Basic authentication
 
+NOTE: Redpanda Data recommends that you use TLS when enabling HTTP Basic Auth.
+
 Basic authentication provides a method for securing HTTP endpoints. With basic authentication enabled, HTTP user agents, such as web browsers, must provide a username and password when making a request.
 
 To add users to the Redpanda credential store that HTTP basic authentication uses, create users with xref:reference:rpk/rpk-acl/rpk-acl-user-create.adoc[`rpk security user create`].
@@ -1480,6 +1482,8 @@ rpk cluster config set admin_api_require_auth true
 rpk cluster config set http_authentication '["BASIC"]'
 ----
 
+NOTE: Valid values for the cluster configuration property xref:reference:properties/cluster-properties.adoc#http_authentication[`http_authentication`] (cluster-wide) are `BASIC` and `OIDC`. The value `BASIC` here is different from the per-listener setting `http_basic`, which enables authentication on a listener using the broker property `authentication_method` (see xref:reference:properties/broker-properties.adoc#schema_registry_auth_method[`authentication_method`] for the Schema Registry listener and xref:reference:properties/broker-properties.adoc#http_proxy_auth_method[`authentication_method`] for the HTTP Proxy listener).
+
 To enable basic authentication for specific listeners, set xref:reference:properties/broker-properties.adoc#schema_registry_auth_method[`authentication_method`] broker property to `http_basic`. For example, in `redpanda.yaml`, enter:
 
 [,yaml,lines=5+10]
@@ -1588,6 +1592,8 @@ NOTE: If you enable OIDC authentication for the Admin API, you must also <<creat
 
 To enable OIDC for the HTTP API listeners as well as basic authentication, include OIDC in the `http_authentication` cluster property list:
 
+NOTE: Valid values for the cluster configuration property xref:reference:properties/cluster-properties.adoc#http_authentication[`http_authentication`] (cluster-wide) are `BASIC` and `OIDC`. The value `BASIC` here is different from the per-listener setting `http_basic`, which enables authentication on a listener using the broker property `authentication_method` (see xref:reference:properties/broker-properties.adoc#schema_registry_auth_method[`authentication_method`] for the Schema Registry listener and xref:reference:properties/broker-properties.adoc#http_proxy_auth_method[`authentication_method`] for the HTTP Proxy listener).
+
 ifdef::env-kubernetes[]
 [tabs]
 ======
