RFC8429 declares that rc4-hmac Kerberos ciphers are weak and there are known attacks on Active Directory use of this cipher suite. However for compatibility with Microsoft Windows this option allows the KDC to assume that regardless of the value set in a service account's msDS-SupportedEncryptionTypes attribute that a rc4-hmac Kerberos session key (as distinct from the ticket key, as found in a service keytab) can be used if the potentially older client requests it. no