> indeed, it looks as if the documentation is outdated in this case. I checked > the code and the mechanism for auditing > is not used anymore. I'm not sure, when this was changed. > And currently there is no alternative audit mechanism.
Thanks for clarifying that. The logging of DefaultLoginService is a start but it's not really sufficient. I can get successful and failed logins, which is great, but there seems to be no way to get the user's remote IP address. Maybe I'll check out the source code next weekend and see if I can't figure out how to fix this. Thanks! - Bram
