TCP socket support
Using UNIX sockets solves nicely the access control issue, but it limits the deployment strategies (can't do remote fallback, for one), and it is mostly useless in a container context (it will lead to deploying the auth-server as a sidecar).
It would be nice to offer TCP support (with TLS for client authentication). This would be easy on the server side, whether we let systemd manage the socket or run standalone, but most of the work would be on the client side (so mostly the C PAM module), requiring target selection and some sort of load balancing strategy: there isn't much point in supporting TCP connections unless we also support multiple targets and fallbacks.