Doc 1701: Per listener configuration of SASL mechanisms (#1457)

Co-authored-by: Michele Cyran <[email protected]>

Author: Feediver1

modules/manage/partials/authentication.adoc

@@ -505,6 +505,8 @@ SASL provides a flexible and adaptable framework for implementing various authen
 
 ifndef::env-kubernetes[- <<kerberos, SASL/GSSAPI>> (Kerberos)]
 
+NOTE: Redpanda provides an option to configure different SASL authentication mechanisms for specific listeners. For example, you could specify SCRAM for internal traffic and OAUTHBEARER for external clients. For details, see xref:reference:properties/cluster-properties.adoc#sasl_mechanisms_overrides[sasl_mechanisms_overrides].
+
 ==== Enable SASL
 
 To enable SASL authentication for the Kafka API, set the xref:reference:properties/broker-properties.adoc#kafka_api_auth_method[`authentication_method`] broker property of the Kafka listeners to `sasl`.

modules/reference/pages/properties/cluster-properties.adoc

@@ -5679,6 +5679,29 @@ endif::[]
 
 // end::sasl_mechanisms[]
 
+[[sasl_mechanisms_overrides]]
+=== sasl_mechanisms_overrides
+
+Configure different SASL authentication mechanisms for specific listeners. This overrides the cluster-wide <<sasl_mechanisms, `sasl_mechanisms`>> setting for the specified listener. Use this when you need different authentication methods on different listeners, such as SCRAM for internal traffic and OAUTHBEARER for external clients. The same requirements from `sasl_mechanisms` apply.
+
+ifndef::env-cloud[]
+include::reference:partial$enterprise-licensed-property.adoc[]
+endif::[]
+
+*Requires restart:* No
+
+*Nullable:* No
+
+*Visibility:* `user`
+
+*Type:* array
+
+*Example:* `[{'listener':'kafka_listener', 'sasl_mechanisms':['SCRAM']}]`
+
+ifndef::env-cloud[]
+*Default:* `[]`
+endif::[]
+
 === schema_registry_always_normalize
 
 Always normalize schemas. If set, this overrides the `normalize` parameter in requests to the Schema Registry API.