Replace the socket protocol with something better
The custom on-the-wire protocol used by the auth-server is silly, it would probably be best to switch to something more standard.
The reason for the current choice comes from the necessity to have a simple and lightweight C implementation (for the PAM module), but there are self-contained simple libraries for things like JSON that would make it possible to use standard formats. Furthermore, if we are to add TCP support (presumably requiring SSL), we're going to end up writing a lot of code that would be best handled by a third-party library.
HTTP is very verbose for this purpose, and fits badly with UNIX socket connections, so it makes sense to stick with the line-based protocol.