The "auth" command in the bin/solr scripts has a handful of different parameters which take in boolean arguments. However, bin/solr blithely accepts invalid values without warning administrators in any way of the mistake.
In most cases, the results are innocuous. But in some cases, silently handling invalid input causes real issues. Consider:
If an administrator accidentally mistypes or fatfingers "true" when enabling authentication, their Solr instance will remain unprotected without any warning!
The bin/solr auth tool should refuse to process invalid boolean arguments, or at the least spit out a warning in such cases.