Abstract: Aspects of the disclosure relate to an article carrier (90) for packaging a plurality of articles and to a blank (10) for forming the article carrier. The article carrier comprises a plurality of primary panels (12,14,16,18) for forming a tubular structure and defining an interior thereof. The plurality of primary panels includes a first panel (12) and a second panel (14) opposing the first panel. The article carrier further comprises a partition structure for dividing the interior into two or more article-receiving cells. The carrier is formed form a blank comprising a partition-forming section (PS) which comprises a primary partition panel (22,24) and a secondary partition panel(40,44,36,46) formed from the primary partition panel and hingedly connected at one of the opposing ends thereof to the primary partition panel. The upper edge (E1) of the secondary partition panel is defined at least in part by a cutaway (R1) extending from a free end edge (E3) of the blank.

Abstract: A privileged account management system can maintain a database that defines a normal amount of time that it takes to perform a task associated with a reason code. When an administrator requests admin credentials for accessing a server, the administrator can provide a reason code which defines a task that the administrator intends to accomplish. A PAM system can maintain a database that defines, for each reason code, a normal amount of time that is required to accomplish the task associated with the reason code. The PAM system can then monitor an elapsed time over which the admin credentials are checked out to an administrator to determine whether the elapsed time exceeds the corresponding normal amount of time. If the elapsed time exceeds the normal amount, the PAM system can take appropriate action to mitigate any potential harm to the server.

Abstract: A privileged account management system can detect when credentials used to access one or more servers have been shared or otherwise compromised. This detection can occur through analysis of simultaneous actions that are performed via multiple sessions associated with the same administrator. When two or more sessions associated with the same administrator are opened, the interactions performed over each of the sessions can be monitored to identify whether such interactions could be performed by a single administrator. If it is determined that the interactions over the multiple sessions could not reasonably be performed by a single administrator, various actions can be taken to address the possible breach to the security of the one or more servers.

Abstract: A privileged account management system can detect when credentials used to access one or more servers have been shared or otherwise compromised. This detection can occur through analysis of simultaneous actions that are performed via multiple sessions associated with the same administrator. When two or more sessions associated with the same administrator are opened, the interactions performed over each of the sessions can be monitored to identify whether such interactions could be performed by a single administrator. If it is determined that the interactions over the multiple sessions could not reasonably be performed by a single administrator, various actions can be taken to address the possible breach to the security of the one or more servers.

Abstract: A privileged account management system can maintain a database that defines a normal amount of data that should be transferred over a remote session and/or a normal rate at which the data should be transferred when performing a particular task. Using a reason code used to obtain a remote session and possibly a combination of various different characteristics of the remote session, the system can access the database to identify the appropriate normal amount and/or normal rate. The system can then compare the amount and/or rate of data transferred over the remote session to the appropriate normal amount and/or normal rate to detect when an abnormal amount and/or abnormal rate is being transferred. In cases where abnormal behavior is detected, the system can determine that the remote session is likely being used in an improper manner, and can take action to mitigate any potential harm to the server.

Abstract: A privileged account management system can detect when credentials used to access one or more servers have been shared or otherwise compromised. This detection can occur through analysis of simultaneous actions that are performed via multiple sessions associated with the same administrator. When two or more sessions associated with the same administrator are opened, the interactions performed over each of the sessions can be monitored to identify whether such interactions could be performed by a single administrator. If it is determined that the interactions over the multiple sessions could not reasonably be performed by a single administrator, various actions can be taken to address the possible breach to the security of the one or more servers.

Abstract: A privileged account management system can maintain a database that defines a normal amount of time that it takes to perform a task associated with a reason code. When an administrator requests admin credentials for accessing a server, the administrator can provide a reason code which defines a task that the administrator intends to accomplish. A PAM system can maintain a database that defines, for each reason code, a normal amount of time that is required to accomplish the task associated with the reason code. The PAM system can then monitor an elapsed time over which the admin credentials are checked out to an administrator to determine whether the elapsed time exceeds the corresponding normal amount of time. If the elapsed time exceeds the normal amount, the PAM system can take appropriate action to mitigate any potential harm to the server.

Abstract: A privileged account management system can detect when credentials used to access one or more servers have been shared or otherwise compromised. This detection can occur through analysis of simultaneous actions that are performed via multiple sessions associated with the same administrator. When two or more sessions associated with the same administrator are opened, the interactions performed over each of the sessions can be monitored to identify whether such interactions could be performed by a single administrator. If it is determined that the interactions over the multiple sessions could not reasonably be performed by a single administrator, various actions can be taken to address the possible breach to the security of the one or more servers.

Abstract: A privileged account management system can maintain a database that defines a normal amount of data that should be transferred over a remote session and/or a normal rate at which the data should be transferred when performing a particular task. Using a reason code used to obtain a remote session and possibly a combination of various different characteristics of the remote session, the system can access the database to identify the appropriate normal amount and/or normal rate. The system can then compare the amount and/or rate of data transferred over the remote session to the appropriate normal amount and/or normal rate to detect when an abnormal amount and/or abnormal rate is being transferred. In cases where abnormal behavior is detected, the system can determine that the remote session is likely being used in an improper manner, and can take action to mitigate any potential harm to the server.

Abstract: One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: An apparatus, system, and method are disclosed for managing policies on a computer having a foreign operating system. Policies may specify hardware or software configuration information. Policies on a first computer with a native operating system are translated into configuration information usable on a second computer having a foreign operating system. In an embodiment, a translator manager manages the association between the policy on the first computer and the translator on the second computer. Computer management complexity and information technology management costs are reduced by centralizing computer management on the native operating system. Further reductions in management complexity are realized when the present invention is used in conjunction with network directory services.

Abstract: Authentication credentials from legacy applications are translated to Kerberos authentication requests. Authentication credentials from the legacy application are directed to an authentication proxy module. The authentication proxy module acts as a credential translator for the application by receiving a set of credentials such as a user name and password, then managing the process of authenticating to a Kerberos server and obtaining services from one or more Kerberized applications, including Kerberos session encryption. A credential binding module associates a user corresponding to authentication credentials from a legacy authentication protocol with one or more Kerberos credentials. Anonymous authentication credentials may be translated to authentication requests for a network directory services object, such as a computer object or service object.