VMware Identity Manager 3.3.7 using RC4 encryption

Article ID: 412986

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • VMware Identity Manager (vIDM) supports the RC4-HMAC Kerberos encryption type.
  • Whether RC4 is actually used depends on the environment: the encryption type is negotiated with the Active Directory Domain Controller (DC), so the DC's configuration decides.
  • If RC4 is disabled at the domain level, VMware Identity Manager will not use it, even if it is still listed in the krb5.conf file on the VMware Identity Manager appliance.

Environment

VMware Identity Manager 3.3.7

Cause

RC4 is an outdated and insecure cipher. In Kerberos, the RC4-HMAC encryption type derives its key directly from the account's NT password hash, so tickets issued with it are far cheaper to crack offline than AES tickets.

Resolution

Disabling RC4 encryption in VMware Identity Manager:

  1. Take a snapshot of every vIDM node.
  2. Perform the steps below on every node.
  3. Edit the krb5.conf file that applies to the node:
    1. If Kerberos is configured:
      vi /etc/krb5.conf
    2. If Kerberos is NOT configured:
      vi /opt/vmware/horizon/workspace/webapps/hc/WEB-INF/classes/krb5.conf

  4. In the [libdefaults] section, remove RC4-HMAC from the three enctype lines, so that
     default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
     default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
     preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC

     become
     default_tgs_enctypes = AES256-CTS AES128-CTS
     default_tkt_enctypes = AES256-CTS AES128-CTS
     preferred_enctypes = AES256-CTS AES128-CTS


  5. Save the changes
  6. Restart the sssd service:
    systemctl restart sssd

  7. Restart the krb5kdc service:
    systemctl restart krb5kdc

  8. Before removing the snapshots, verify that all functionality (directory sync, Kerberos sign-in) works as expected.
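As an added example (this is not code from the KB article or from VMware/Broadcom), the following POSIX shell script performs step 4 of the procedure above on a krb5.conf: it keeps a backup, removes every RC4 enctype token from the three enctype lines, refuses to leave any of those lines empty, and reports whether RC4 is still listed. It goes slightly beyond the article in matching both spellings MIT Kerberos accepts for the type (RC4-HMAC and arcfour-hmac, in any letter case). The realm EXAMPLE.LOCAL, the constructed sample file, and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the KB article: strip RC4 enctypes from krb5.conf.
set -u

# Constructed sample (not a real appliance file): the "before" state from the
# KB, with RC4-HMAC still listed. The realm is an assumption.
sample_krb5_conf() {
  cat <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.LOCAL
    default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    dns_lookup_kdc = true
EOF
}

# The three lines the KB tells you to edit; nothing else is touched.
ENCTYPE_KEYS='default_tgs_enctypes|default_tkt_enctypes|preferred_enctypes'

# Exit 0 if the file still lists an RC4 enctype on one of those lines.
has_rc4_enctypes() {
  grep -Eiq "^[[:space:]]*(${ENCTYPE_KEYS})[[:space:]]*=.*(rc4-hmac|arcfour-hmac)" "$1"
}

# Rewrite the file in place, keeping a copy as <file>.bak. Returns non-zero
# (and restores the backup) if a line would be left with no enctypes at all,
# or if RC4 is somehow still present afterwards.
strip_rc4_enctypes() {
  f="$1"
  cp -p "$f" "$f.bak" || return 1
  awk '
    /^[ \t]*(default_tgs_enctypes|default_tkt_enctypes|preferred_enctypes)[ \t]*=/ {
      i = index($0, "=")
      key = substr($0, 1, i)          # indentation + key + "="
      n = split(substr($0, i + 1), tok)   # enctype tokens after "="
      out = ""
      for (j = 1; j <= n; j++) {
        # drops rc4-hmac, rc4-hmac-exp, arcfour-hmac, arcfour-hmac-md5, any case
        if (tolower(tok[j]) ~ /^(rc4|arcfour)-hmac/) continue
        out = out " " tok[j]
      }
      if (out == "") { empty = 1; print; next }   # never blank the line
      print key out
      next
    }
    { print }
    END { if (empty) exit 2 }
  ' "$f.bak" > "$f"
  rc=$?
  if [ "$rc" -ne 0 ]; then
    cp -p "$f.bak" "$f"
    echo "refusing: an enctype line would be left with no enctypes" >&2
    return "$rc"
  fi
  ! has_rc4_enctypes "$f"
}

# Demonstration on a scratch copy, so running this file is safe anywhere.
# On the appliance you would point it at the krb5.conf from step 3 instead.
tmpdir=$(mktemp -d)
sample_krb5_conf > "$tmpdir/krb5.conf"
if strip_rc4_enctypes "$tmpdir/krb5.conf"; then
  echo "RC4 removed from $tmpdir/krb5.conf (backup in krb5.conf.bak)"
else
  echo "RC4 removal failed, original restored" >&2
fi
cat "$tmpdir/krb5.conf"
```

After editing the file the KB points you to and restarting the services in steps 6 and 7, a quick check on the appliance is to obtain a ticket with `kinit` and inspect it with `klist -e`: the listed etype should be an AES type (for example aes256-cts-hmac-sha1-96), not arcfour-hmac. As the Issue section notes, a DC that already has RC4 disabled will give you AES regardless; the krb5.conf change makes sure the appliance never offers RC4 even where the domain still permits it.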
