How to best identify the source IP address

personanongrata

I decided to try my hand at implementing my own PAM module to produce better forensic data about logins. What I've found is that the PAM itself doesn't reliably collect the source IP address of incoming connections. My question is how would you go about correlating an inbound connection on a socket to an authentication flow from a PAM module?