Right now our handling of sockets for communication with the master is a bit messy. We listen on TCP for a call to create a user specific Unix socket, which is then dynamically created and cleaned up after a while. This is the mechanism used to enforce authentication for the master.
Bug 2796 introduced the requirement of SO_PASSCRED for communicating over the user sockets (at least for connecting to sessions). Using this mechanism for authentication would be much simpler. There would be just a single Unix socket that could exist for as long as vsmserver is running. No more TCP or cleanup timeouts or all of that complexity.