The security guidance at some sites is to move to more robust encryption when configuring kerberos, specifically AES 256. Unfortunately, Tableau Server does not yet support that standard.
Here is the response we received from Tableau Support on the subject:
"we are not able to utilize AES128_HMAC_SHA1 or AES256_HMAC_SHA1 with Tableau Server and we utilize RC4-HMAC in the ktpass command portion of the kerberosconfig.bat file."
This "idea" is simply to extend the list of encryption standards that Tableau Server will support when communicating with kerberos to include AES128_HMAC_SHA1 and AES256_HMAC_SHA1 so that users whose security guidance requires those protocols can use Tableau Server in their environment.