diff --git a/files/debs/keystone b/files/debs/keystone
index f5816b59de..dd533d0e9b 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -4,3 +4,4 @@ python-mysql.connector
 libldap2-dev
 libsasl2-dev
 libkrb5-dev
+memcached
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
index c838b413c3..bd5367c10d 100644
--- a/files/rpms-suse/keystone
+++ b/files/rpms-suse/keystone
@@ -1,4 +1,5 @@
 cyrus-sasl-devel
+memcached
 openldap2-devel
 python-devel
 sqlite3
diff --git a/files/rpms/keystone b/files/rpms/keystone
index 8074119fdb..141408a4d4 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,4 +1,5 @@
 MySQL-python
 libxslt-devel
 sqlite
+memcached
 mod_ssl
diff --git a/lib/keystone b/lib/keystone
index ec28b46341..63a1398660 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -443,6 +443,7 @@ function configure_auth_token_middleware {
     iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
     iniset $conf_file $section cafile $SSL_BUNDLE_FILE
     iniset $conf_file $section signing_dir $signing_dir
+    iniset $conf_file $section memcache_servers 127.0.0.1:11211
 }
 
 # init_keystone() - Initialize databases, etc.
@@ -512,17 +513,11 @@ function install_keystone {
     if is_service_enabled ldap; then
         install_ldap
     fi
-    if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
-        # Install memcached and the memcache Python library that keystone uses.
-        # Unfortunately the Python library goes by different names in the .deb
-        # and .rpm circles.
-        install_package memcached
-        if is_ubuntu; then
-            install_package python-memcache
-        else
-            install_package python-memcached
-        fi
-    fi
+
+    # Install the memcache library so keystonemiddleware can cache tokens in a
+    # shared location.
+    pip_install python-memcached
+
     git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
     setup_develop $KEYSTONE_DIR
     if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
@@ -566,6 +561,9 @@ function start_keystone {
         start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT &
         start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT &
     fi
+
+    # (re)start memcached to make sure we have a clean memcache.
+    restart_service memcached
 }
 
 # stop_keystone() - Stop running processes