fix incorrect suggestions

Author: paulohtb6

modules/manage/partials/authentication.adoc

@@ -1676,21 +1676,26 @@ ifndef::env-kubernetes[]
 rpk cluster config set http_authentication '["BASIC","OIDC"]'
 ----
 
-To enable OIDC for HTTP API listeners, ensure the listeners allow OIDC authentication by setting xref:reference:properties/broker-properties.adoc#authentication_method[`authentication_method`] to `none` (which allows both Basic and OIDC authentication) or omitting it entirely (since `none` is the default). For example, in `redpanda.yaml`, enter:
+To enable OIDC for HTTP API listeners, set xref:reference:properties/broker-properties.adoc#authentication_method[`authentication_method`] to `http_basic` to require authentication on those listeners. For example, in `redpanda.yaml`, enter:
 
 [,yaml,lines=5+10]
 ----
 pandaproxy:
   pandaproxy_api:
   - address: "localhost"
     port: 8082
-    authentication_method: none  # Allows both Basic and OIDC authentication
+    authentication_method: http_basic  # Requires authentication (Basic or OIDC)
 schema_registry:
   schema_registry_api:
     address: "localhost"
     port: 8081
-    authentication_method: none  # Allows both Basic and OIDC authentication
+    authentication_method: http_basic  # Requires authentication (Basic or OIDC)
 ----
+
+NOTE: The `authentication_method` broker property controls whether a listener requires authentication (`http_basic`) or allows anonymous access (`none`). The actual choice between Basic authentication and OIDC authentication is determined by:
+
+1. What authentication methods are enabled in the xref:reference:properties/cluster-properties.adoc#http_authentication[`http_authentication`] cluster property 
+2. What type of Authorization header the client sends (`Basic` for Basic auth, `Bearer` for OIDC)
 endif::[]
 
 ===== Connect to the HTTP API

modules/reference/pages/properties/broker-properties.adoc

@@ -120,6 +120,7 @@ Replace the following placeholders with your values:
 
 === authentication_method
 
+[[authentication_method]]
 Configures the authentication method for API endpoints. This property is set within each endpoint definition for the specific API listener.
 
 *Visibility:* `user`
@@ -134,13 +135,20 @@ For Kafka API endpoints:
 - `mtls_identity` - Mutual TLS authentication using client certificates
 
 For HTTP-based API endpoints (HTTP Proxy and Schema Registry):
-- `none` - No authentication required
-- `http_basic` - HTTP Basic authentication
+- `none` - No authentication required (allows anonymous access)
+- `http_basic` - Authentication required. The specific authentication method (Basic vs OIDC) depends on the xref:reference:properties/cluster-properties.adoc#http_authentication[`http_authentication`] cluster property and the client's Authorization header type.
 
 *Default:* `none`
 
 NOTE: The `authentication_method` property is defined within the endpoint configuration, not as a standalone property.
 
+NOTE: This broker property works together with the cluster property xref:reference:properties/cluster-properties.adoc#http_authentication[`http_authentication`]:
+
+* `authentication_method` (broker property): Controls whether a specific listener requires authentication (`http_basic`) or allows anonymous access (`none`)
+* `http_authentication` (cluster property): Controls which authentication methods are available globally (`["BASIC"]`, `["OIDC"]`, or `["BASIC", "OIDC"]`)
+
+When `authentication_method: http_basic` is set on a listener, clients can use any authentication method that is enabled in the `http_authentication` cluster property.
+
 When using `authentication_method: sasl`, you must also configure the available SASL mechanisms (such as SCRAM-SHA-256, SCRAM-SHA-512, SASL/PLAIN, GSSAPI, or OAUTHBEARER) using the xref:reference:properties/cluster-properties.adoc#sasl_mechanisms[`sasl_mechanisms`] cluster property.
 
 .Kafka API authentication examples