diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 4cb4db8c6457..8724c55332dd 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.197 2009/12/29 03:48:18 elad Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.198 2009/12/29 04:23:43 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.197 2009/12/29 03:48:18 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.198 2009/12/29 04:23:43 elad Exp $");
 
 #include "opt_compat_netbsd.h"
 #include "opt_sock_counters.h"
@@ -582,6 +582,7 @@ socreate(int dom, struct socket **aso, int type, int proto, struct lwp *l,
 		sofree(so);
 		return error;
 	}
+	so->so_cred = kauth_cred_dup(l->l_cred);
 	sounlock(so);
 	*aso = so;
 	return 0;
@@ -771,6 +772,7 @@ soclose(struct socket *so)
  discard:
 	if (so->so_state & SS_NOFDREF)
 		panic("soclose: NOFDREF");
+	kauth_cred_free(so->so_cred);
 	so->so_state |= SS_NOFDREF;
 	sofree(so);
 	return (error);
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index c0a3593f0cda..0b41cdf1b9d8 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_syscalls.c,v 1.138 2009/12/20 09:36:06 dsl Exp $	*/
+/*	$NetBSD: uipc_syscalls.c,v 1.139 2009/12/29 04:23:43 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.138 2009/12/20 09:36:06 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.139 2009/12/29 04:23:43 elad Exp $");
 
 #include "opt_pipe.h"
 
@@ -80,6 +80,7 @@ __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.138 2009/12/20 09:36:06 dsl Exp
 #include <sys/un.h>
 #include <sys/ktrace.h>
 #include <sys/event.h>
+#include <sys/kauth.h>
 
 #include <sys/mount.h>
 #include <sys/syscallargs.h>
@@ -228,9 +229,11 @@ do_sys_accept(struct lwp *l, int sock, struct mbuf **name, register_t *new_sock)
 	fp2->f_ops = &socketops;
 	fp2->f_data = so2;
 	error = soaccept(so2, nam);
+	so2->so_cred = kauth_cred_dup(so->so_cred);
 	sounlock(so);
 	if (error) {
 		/* an error occurred, free the file descriptor and mbuf */
+		kauth_cred_free(so2->so_cred);
 		m_freem(nam);
 		mutex_enter(&fp2->f_lock);
 		fp2->f_count++;
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index af703187619c..040aae1d0576 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: socketvar.h,v 1.123 2009/12/20 09:36:06 dsl Exp $	*/
+/*	$NetBSD: socketvar.h,v 1.124 2009/12/29 04:23:43 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -177,6 +177,7 @@ struct socket {
 		void	*so_accept_filter_arg;	/* saved filter args */
 		char	*so_accept_filter_str;	/* saved user args */
 	} *so_accf;
+	kauth_cred_t	so_cred;	/* socket credentials */
 };
 
 #define	SB_EMPTY_FIXUP(sb)						\