diff --git a/functions-common b/functions-common
index cfe0c8d4ba..ab5a1a4b3c 100644
--- a/functions-common
+++ b/functions-common
@@ -88,9 +88,9 @@ function write_clouds_yaml {
         --file $CLOUDS_YAML \
         --os-cloud devstack \
         --os-region-name $REGION_NAME \
-        --os-identity-api-version $IDENTITY_API_VERSION \
+        --os-identity-api-version 3 \
         $CA_CERT_ARG \
-        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+        --os-auth-url $KEYSTONE_AUTH_URI \
         --os-username demo \
         --os-password $ADMIN_PASSWORD \
         --os-project-name demo
@@ -98,9 +98,9 @@ function write_clouds_yaml {
         --file $CLOUDS_YAML \
         --os-cloud devstack-admin \
         --os-region-name $REGION_NAME \
-        --os-identity-api-version $IDENTITY_API_VERSION \
+        --os-identity-api-version 3 \
         $CA_CERT_ARG \
-        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+        --os-auth-url $KEYSTONE_AUTH_URI \
         --os-username admin \
         --os-password $ADMIN_PASSWORD \
         --os-project-name admin
@@ -735,16 +735,13 @@ function policy_add {
 # Usage: get_or_create_domain <name> <description>
 function get_or_create_domain {
     local domain_id
-    local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets domain id
     domain_id=$(
         # Gets domain id
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 domain show $1 \
+        openstack domain show $1 \
             -f value -c id 2>/dev/null ||
         # Creates new domain
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 domain create $1 \
+        openstack domain create $1 \
             --description "$2" \
             -f value -c id
     )
@@ -755,13 +752,11 @@ function get_or_create_domain {
 # Usage: get_or_create_group <groupname> <domain> [<description>]
 function get_or_create_group {
     local desc="${3:-}"
-    local os_url="$KEYSTONE_SERVICE_URI_V3"
     local group_id
     # Gets group id
     group_id=$(
         # Creates new group with --or-show
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 group create $1 \
+        openstack group create $1 \
             --domain $2 --description "$desc" --or-show \
             -f value -c id
     )
@@ -783,8 +778,6 @@ function get_or_create_user {
         openstack user create \
             $1 \
             --password "$2" \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --domain=$3 \
             $email \
             --or-show \
@@ -799,9 +792,7 @@ function get_or_create_project {
     local project_id
     project_id=$(
         # Creates new project with --or-show
-        openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
-            project create $1 \
+        openstack project create $1 \
             --domain=$2 \
             --or-show -f value -c id
     )
@@ -815,8 +806,6 @@ function get_or_create_role {
     role_id=$(
         # Creates role with --or-show
         openstack role create $1 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --or-show -f value -c id
     )
     echo $role_id
@@ -829,8 +818,6 @@ function get_or_add_user_project_role {
     # Gets user role id
     user_role_id=$(openstack role list \
         --user $2 \
-        --os-url=$KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --column "ID" \
         --project $3 \
         --column "Name" \
@@ -839,13 +826,9 @@ function get_or_add_user_project_role {
         # Adds role to user and get it
         openstack role add $1 \
             --user $2 \
-            --project $3 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3
+            --project $3
         user_role_id=$(openstack role list \
             --user $2 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --column "ID" \
             --project $3 \
             --column "Name" \
@@ -860,21 +843,15 @@ function get_or_add_group_project_role {
     local group_role_id
     # Gets group role id
     group_role_id=$(openstack role list \
-        --os-url=$KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --group $2 \
         --project $3 \
         -c "ID" -f value)
     if [[ -z "$group_role_id" ]]; then
         # Adds role to group and get it
         openstack role add $1 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --group $2 \
             --project $3
         group_role_id=$(openstack role list \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --group $2 \
             --project $3 \
             -c "ID" -f value)
@@ -892,8 +869,6 @@ function get_or_create_service {
         openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
-            --os-url $KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             $2 \
             --name $1 \
             --description="$3" \
@@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface {
     # gets support for this, the check for the region name can be removed.
     # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
     endpoint_id=$(openstack endpoint list \
-        --os-url $KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --service $1 \
         --interface $2 \
         --region $4 \
@@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface {
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \
-            --os-url $KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             $1 $2 $3 --region $4 -f value -c id)
     fi
 
diff --git a/lib/swift b/lib/swift
index caf2fdf00f..2c4ddfe36e 100644
--- a/lib/swift
+++ b/lib/swift
@@ -799,10 +799,10 @@ function stop_swift {
 
 function swift_configure_tempurls {
     OS_USERNAME=swift \
-        OS_TENANT_NAME=$SERVICE_TENANT_NAME \
+        OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
         OS_PASSWORD=$SERVICE_PASSWORD \
-        OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
-        swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
+        OS_AUTH_URL=$SERVICE_ENDPOINT \
+        swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
 }
 
 # Restore xtrace
diff --git a/stack.sh b/stack.sh
index c2eeaee6f6..01668c208b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -975,13 +975,15 @@ if is_service_enabled keystone; then
         start_keystone
     fi
 
+    export OS_IDENTITY_API_VERSION=3
+
     # Set up a temporary admin URI for Keystone
-    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
+    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
 
     if is_service_enabled tls-proxy; then
         export OS_CACERT=$INT_CA_DIR/ca-chain.pem
         # Until the client support is fixed, just use the internal endpoint
-        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
+        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
     fi
 
     # Setup OpenStackClient token-endpoint auth
@@ -1005,14 +1007,13 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
-    # force set to use v2 identity authentication even with v3 commands
-    export OS_AUTH_TYPE=v2password
-
     # Set up password auth credentials now that Keystone is bootstrapped
-    export OS_AUTH_URL=$SERVICE_ENDPOINT
-    export OS_TENANT_NAME=admin
+    export OS_AUTH_URL=$KEYSTONE_AUTH_URI
     export OS_USERNAME=admin
+    export OS_USER_DOMAIN_ID=default
     export OS_PASSWORD=$ADMIN_PASSWORD
+    export OS_PROJECT_NAME=admin
+    export OS_PROJECT_DOMAIN_ID=default
     export OS_REGION_NAME=$REGION_NAME
 fi