Address Michele's review: location-explicit intro bullets and K8s gating for the troubleshooting H2

Feediver1 · claude · Feediver1 · commit 882bd53c5cd3 · 2026-05-21T13:11:40.000-04:00
Two follow-ups from @micheleRP's final-pass review: 1. Intro bullets now name where each method is configured upfront (cluster-configuration property vs. listener settings in each broker's redpanda.yaml) so the cluster-config-vs-broker-config-file distinction lands before the reader gets into the per-method sections. Addresses @mattschumpert's March feedback. 2. Wrap the new 'Authentication and authorization troubleshooting' H2 in ifndef::env-kubernetes[] ... endif::[]. The partial is included by both modules/manage/pages/security/authentication.adoc (Linux) and modules/manage/pages/kubernetes/security/authentication/k-authentication.adoc (sets :env-kubernetes: true). The resolution step uses systemctl restart redpanda, which doesn't apply on Kubernetes. A platform-agnostic rewrite (or a K8s-specific variant) can be a follow-up if needed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/modules/manage/partials/authentication.adoc b/modules/manage/partials/authentication.adoc
@@ -458,8 +458,8 @@ rpk cluster config edit
 
 Redpanda provides the following options for enabling SASL authentication:
 
-* *`enable_sasl`*: A legacy (not deprecated) approach that is maintained for backwards compatibility. It applies SASL globally to all Kafka listeners with a single command.
-* *Per-listener configuration*: A more flexible approach that lets you configure different authentication methods on different listeners.
+* *`enable_sasl`*: A cluster-configuration property (set with `rpk cluster config set enable_sasl true`). A legacy (not deprecated) approach maintained for backwards compatibility. It applies SASL globally to all Kafka listeners with a single command.
+* *Per-listener configuration*: Listener settings in each broker's `redpanda.yaml`. A more flexible approach that lets you configure different authentication methods on different listeners.
 
 Use the following criteria to help you select the best authentication option for your needs:
 
@@ -2056,6 +2056,7 @@ redpanda:
 ----
 endif::[]
 
+ifndef::env-kubernetes[]
 == Authentication and authorization troubleshooting
 
 This section covers common authentication and authorization issues you may encounter and how to resolve them.
@@ -2153,6 +2154,7 @@ Verify the fix by checking the role again and testing schema registration.
 * Only enable `schema_registry_enable_authorization` when the cluster is stable.
 * Avoid enabling during cluster restarts or controller failovers.
 * Verify role completeness after enabling Schema Registry authorization.
+endif::[]
 
 == Generate security report
 
