diff --git a/test/functional/swift_test_client.py b/test/functional/swift_test_client.py
index 6c9ee7851f..a6d8aece08 100644
--- a/test/functional/swift_test_client.py
+++ b/test/functional/swift_test_client.py
@@ -26,6 +26,7 @@ import simplejson as json
 
 from nose import SkipTest
 from xml.dom import minidom
+from swiftclient import get_auth
 
 
 class AuthenticationFailed(Exception):
@@ -94,6 +95,7 @@ class Connection(object):
         self.auth_port = int(config['auth_port'])
         self.auth_ssl = config['auth_ssl'] in ('on', 'true', 'yes', '1')
         self.auth_prefix = config.get('auth_prefix', '/')
+        self.auth_version = str(config.get('auth_version', '1'))
 
         self.account = config.get('account')
         self.username = config['username']
@@ -116,38 +118,25 @@ class Connection(object):
             self.storage_token = clone_conn.storage_token
             return
 
-        if self.account:
-            auth_user = '%s:%s' % (self.account, self.username)
+        if self.auth_version == "1":
+            auth_path = '%sv1.0' % (self.auth_prefix)
+            if self.account:
+                auth_user = '%s:%s' % (self.account, self.username)
+            else:
+                auth_user = self.username
         else:
             auth_user = self.username
-        headers = {
-            'x-auth-user': auth_user,
-            'x-auth-key': self.password,
-        }
+            auth_path = self.auth_prefix
+        auth_scheme = 'https://' if self.auth_ssl else 'http://'
+        auth_netloc = "%s:%d" % (self.auth_host, self.auth_port)
+        auth_url = auth_scheme + auth_netloc + auth_path
 
-        path = '%sv1.0' % (self.auth_prefix)
-        if self.auth_ssl:
-            connection = httplib.HTTPSConnection(self.auth_host,
-                                                 port=self.auth_port)
-        else:
-            connection = httplib.HTTPConnection(self.auth_host,
-                                                port=self.auth_port)
-        #connection.set_debuglevel(3)
-        connection.request('GET', path, '', headers)
-        response = connection.getresponse()
-        connection.close()
-
-        if response.status == 401:
-            raise AuthenticationFailed()
-
-        if response.status not in (200, 204):
-            raise ResponseError(response)
-
-        for hdr in response.getheaders():
-            if hdr[0].lower() == "x-storage-url":
-                storage_url = hdr[1]
-            elif hdr[0].lower() == "x-auth-token":
-                storage_token = hdr[1]
+        (storage_url, storage_token) = get_auth(auth_url,
+              auth_user, self.password,
+              snet=False,
+              tenant_name=self.account,
+              auth_version=self.auth_version,
+              os_options={})
 
         if not (storage_url and storage_token):
             raise AuthenticationFailed()
diff --git a/test/functionalnosetests/swift_testing.py b/test/functionalnosetests/swift_testing.py
index ea9a88a4e9..023a753c21 100644
--- a/test/functionalnosetests/swift_testing.py
+++ b/test/functionalnosetests/swift_testing.py
@@ -33,8 +33,12 @@ normalized_urls = conf.get('normalized_urls', False)
 swift_test_auth = os.environ.get('SWIFT_TEST_AUTH')
 swift_test_user = [os.environ.get('SWIFT_TEST_USER'), None, None]
 swift_test_key = [os.environ.get('SWIFT_TEST_KEY'), None, None]
+swift_test_tenant = ['', '', '']
+swift_test_perm = ['', '', '']
 
 if conf:
+    swift_test_auth_version = str(conf.get('auth_version', '1'))
+
     swift_test_auth = 'http'
     if conf.get('auth_ssl', 'no').lower() in ('yes', 'true', 'on', '1'):
         swift_test_auth = 'https'
@@ -42,26 +46,48 @@ if conf:
         conf['auth_prefix'] = '/'
     try:
         swift_test_auth += \
-                '://%(auth_host)s:%(auth_port)s%(auth_prefix)sv1.0' % conf
+                '://%(auth_host)s:%(auth_port)s%(auth_prefix)s' % conf
     except KeyError:
         pass  # skip
-    if 'account' in conf:
-        swift_test_user[0] = '%(account)s:%(username)s' % conf
+
+    if swift_test_auth_version == "1":
+        swift_test_auth += 'v1.0'
+
+        if 'account' in conf:
+            swift_test_user[0] = '%(account)s:%(username)s' % conf
+        else:
+            swift_test_user[0] = '%(username)s' % conf
+        swift_test_key[0] = conf['password']
+        try:
+            swift_test_user[1] = '%s%s' % \
+               ('%s:' % conf['account2'] if 'account2' in conf else '',
+                conf['username2'])
+            swift_test_key[1] = conf['password2']
+        except KeyError, err:
+            pass  # old conf, no second account tests can be run
+        try:
+            swift_test_user[2] = '%s%s' % ('%s:' % conf['account'] if 'account'
+                                           in conf else '', conf['username3'])
+            swift_test_key[2] = conf['password3']
+        except KeyError, err:
+            pass  # old conf, no third account tests can be run
+
+        for _ in range(3):
+            swift_test_perm[_] = swift_test_user[_]
+
     else:
-        swift_test_user[0] = '%(username)s' % conf
-    swift_test_key[0] = conf['password']
-    try:
-        swift_test_user[1] = '%s%s' % ('%s:' % conf['account2'] if 'account2'
-                                       in conf else '', conf['username2'])
+        swift_test_user[0] = conf['username']
+        swift_test_tenant[0] = conf['account']
+        swift_test_key[0] = conf['password']
+        swift_test_user[1] = conf['username2']
+        swift_test_tenant[1] = conf['account2']
         swift_test_key[1] = conf['password2']
-    except KeyError, err:
-        pass  # old conf, no second account tests can be run
-    try:
-        swift_test_user[2] = '%s%s' % ('%s:' % conf['account'] if 'account'
-                                       in conf else '', conf['username3'])
+        swift_test_user[2] = conf['username3']
+        swift_test_tenant[2] = conf['account']
         swift_test_key[2] = conf['password3']
-    except KeyError, err:
-        pass  # old conf, no third account tests can be run
+
+        for _ in range(3):
+            swift_test_perm[_] = swift_test_tenant[_] + ':' + swift_test_user[_]
 
 skip = not all([swift_test_auth, swift_test_user[0], swift_test_key[0]])
 if skip:
@@ -112,7 +138,11 @@ def retry(func, *args, **kwargs):
             if not url[use_account] or not token[use_account]:
                 url[use_account], token[use_account] = \
                     get_auth(swift_test_auth, swift_test_user[use_account],
-                             swift_test_key[use_account])
+                             swift_test_key[use_account],
+                             snet=False,
+                             tenant_name=swift_test_tenant[use_account],
+                             auth_version=swift_test_auth_version,
+                             os_options={})
                 parsed[use_account] = conn[use_account] = None
             if not parsed[use_account] or not conn[use_account]:
                 parsed[use_account], conn[use_account] = \
diff --git a/test/functionalnosetests/test_container.py b/test/functionalnosetests/test_container.py
index dd06260fe7..e92a86c591 100755
--- a/test/functionalnosetests/test_container.py
+++ b/test/functionalnosetests/test_container.py
@@ -24,7 +24,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \
     MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH
 
 from swift_testing import check_response, retry, skip, skip2, skip3, \
-                          swift_test_user, web_front_end
+                          swift_test_perm, web_front_end
 
 
 class TestContainer(unittest.TestCase):
@@ -397,8 +397,8 @@ class TestContainer(unittest.TestCase):
         # Make the container accessible by the second account
         def post(url, token, parsed, conn):
             conn.request('POST', parsed.path + '/' + self.name, '',
-                {'X-Auth-Token': token, 'X-Container-Read': swift_test_user[1],
-                 'X-Container-Write': swift_test_user[1]})
+                {'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[1],
+                 'X-Container-Write': swift_test_perm[1]})
             return check_response(conn)
         resp = retry(post)
         resp.read()
@@ -465,7 +465,8 @@ class TestContainer(unittest.TestCase):
         # Now make the container also writeable by the second account
         def post(url, token, parsed, conn):
             conn.request('POST', parsed.path + '/' + self.name, '',
-                {'X-Auth-Token': token, 'X-Container-Write': swift_test_user[1]})
+                {'X-Auth-Token': token,
+                 'X-Container-Write': swift_test_perm[1]})
             return check_response(conn)
         resp = retry(post)
         resp.read()
@@ -502,7 +503,7 @@ class TestContainer(unittest.TestCase):
         # Make the container accessible by the third account
         def post(url, token, parsed, conn):
             conn.request('POST', parsed.path + '/' + self.name, '',
-               {'X-Auth-Token': token, 'X-Container-Read': swift_test_user[2]})
+               {'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[2]})
             return check_response(conn)
         resp = retry(post)
         resp.read()
@@ -523,7 +524,7 @@ class TestContainer(unittest.TestCase):
         def post(url, token, parsed, conn):
             conn.request('POST', parsed.path + '/' + self.name, '',
                          {'X-Auth-Token': token,
-                          'X-Container-Write': swift_test_user[2]})
+                          'X-Container-Write': swift_test_perm[2]})
             return check_response(conn)
         resp = retry(post)
         resp.read()
diff --git a/test/functionalnosetests/test_object.py b/test/functionalnosetests/test_object.py
index 82a6a01a03..168375dd54 100755
--- a/test/functionalnosetests/test_object.py
+++ b/test/functionalnosetests/test_object.py
@@ -23,7 +23,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \
     MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH
 
 from swift_testing import check_response, retry, skip, skip3, \
-    swift_test_user, web_front_end
+    swift_test_perm, web_front_end
 from test import get_config
 
 
@@ -220,8 +220,8 @@ class TestObject(unittest.TestCase):
             conn.request('PUT', '%s/%s' % (parsed.path,
                                            shared_container), '',
                          {'X-Auth-Token': token,
-                         'X-Container-Read': swift_test_user[2],
-                         'X-Container-Write': swift_test_user[2]})
+                          'X-Container-Read': swift_test_perm[2],
+                          'X-Container-Write': swift_test_perm[2]})
             return check_response(conn)
         resp = retry(put)
         resp.read()
@@ -419,8 +419,8 @@ class TestObject(unittest.TestCase):
             # Grant access to the third account
             def post(url, token, parsed, conn):
                 conn.request('POST', '%s/%s' % (parsed.path, self.container),
-                    '', {'X-Auth-Token': token, 'X-Container-Read':
-                    swift_test_user[2]})
+                    '', {'X-Auth-Token': token,
+                         'X-Container-Read': swift_test_perm[2]})
                 return check_response(conn)
             resp = retry(post)
             resp.read()
@@ -494,8 +494,8 @@ class TestObject(unittest.TestCase):
             # Grant access to the third account
             def post(url, token, parsed, conn):
                 conn.request('POST', '%s/%s' % (parsed.path, acontainer),
-                    '', {'X-Auth-Token': token, 'X-Container-Read':
-                    swift_test_user[2]})
+                    '', {'X-Auth-Token': token,
+                         'X-Container-Read': swift_test_perm[2]})
                 return check_response(conn)
             resp = retry(post)
             resp.read()
diff --git a/test/sample.conf b/test/sample.conf
index d40fb0fe47..49a83f7098 100644
--- a/test/sample.conf
+++ b/test/sample.conf
@@ -4,6 +4,12 @@ auth_host = 127.0.0.1
 auth_port = 8080
 auth_ssl = no
 auth_prefix = /auth/
+## sample config for Swift with Keystone
+#auth_version = 2
+#auth_host = localhost
+#auth_port = 5000
+#auth_ssl = no
+#auth_prefix = /v2.0/
 
 # Primary functional test account (needs admin access to the account)
 account = test