The legacy auth.conf file that Puppet used to use has been heavily deprecated for several major releases, and doesn't have all the necessary features to correctly authenticate certs with authorization extensions, which are now widely in use in PE (e.g. CA cert, compiler certs). Puppet Server's trapperkeeper-authorization HOCON file has been a much more powerful replacement for a long time.
This ticket is to track removing the setting, but not all of its backing code. That gives us the freedom to remove the code at our leisure, once the mode is no longer available to users.