diff --git a/functions-common b/functions-common
index 33245fbc3d..48c0c75637 100644
--- a/functions-common
+++ b/functions-common
@@ -675,9 +675,8 @@ function get_or_create_domain {
 }
 
 # Gets or creates group
-# Usage: get_or_create_group <groupname> [<domain> <description>]
+# Usage: get_or_create_group <groupname> <domain> [<description>]
 function get_or_create_group {
-    local domain=${2:+--domain ${2}}
     local desc="${3:-}"
     local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets group id
@@ -685,34 +684,30 @@ function get_or_create_group {
         # Creates new group with --or-show
         openstack --os-token=$OS_TOKEN --os-url=$os_url \
             --os-identity-api-version=3 group create $1 \
-            $domain --description "$desc" --or-show \
+            --domain $2 --description "$desc" --or-show \
             -f value -c id
     )
     echo $group_id
 }
 
 # Gets or creates user
-# Usage: get_or_create_user <username> <password> [<email> [<domain>]]
+# Usage: get_or_create_user <username> <password> <domain> [<email>]
 function get_or_create_user {
-    if [[ ! -z "$3" ]]; then
-        local email="--email=$3"
+    if [[ ! -z "$4" ]]; then
+        local email="--email=$4"
     else
         local email=""
     fi
-    local os_cmd="openstack"
-    local domain=""
-    if [[ ! -z "$4" ]]; then
-        domain="--domain=$4"
-        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
-    fi
     # Gets user id
     local user_id=$(
         # Creates new user with --or-show
-        $os_cmd user create \
+        openstack user create \
             $1 \
             --password "$2" \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            --domain=$3 \
             $email \
-            $domain \
             --or-show \
             -f value -c id
     )
diff --git a/lib/glance b/lib/glance
index 016ade3479..2fae002049 100644
--- a/lib/glance
+++ b/lib/glance
@@ -254,7 +254,7 @@ function create_glance_accounts {
         if is_service_enabled s-proxy; then
 
             local glance_swift_user=$(get_or_create_user "glance-swift" \
-                "$SERVICE_PASSWORD" "glance-swift@example.com")
+                "$SERVICE_PASSWORD" "default" "glance-swift@example.com")
             get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
         fi
 
diff --git a/lib/keystone b/lib/keystone
index 90ff31a54c..c33d466c6c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -358,7 +358,7 @@ function create_keystone_accounts {
 
     # admin
     local admin_tenant=$(get_or_create_project "admin" default)
-    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
+    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
     local admin_role=$(get_or_create_role "admin")
     get_or_add_user_project_role $admin_role $admin_user $admin_tenant
 
@@ -387,7 +387,7 @@ function create_keystone_accounts {
     # demo
     local demo_tenant=$(get_or_create_project "demo" default)
     local demo_user=$(get_or_create_user "demo" \
-        "$ADMIN_PASSWORD" "demo@example.com")
+        "$ADMIN_PASSWORD" "default" "demo@example.com")
 
     get_or_add_user_project_role $member_role $demo_user $demo_tenant
     get_or_add_user_project_role $admin_role $admin_user $demo_tenant
@@ -426,7 +426,7 @@ function create_keystone_accounts {
 function create_service_user {
     local role=${2:-service}
 
-    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")
+    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
     get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
 }
 
diff --git a/lib/swift b/lib/swift
index 420350b95e..0cd51aaddf 100644
--- a/lib/swift
+++ b/lib/swift
@@ -618,18 +618,21 @@ function create_swift_accounts {
 
     local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
-    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
+    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
+                        "default" "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
     get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
 
-    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
+    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
+                                "default" "test3@example.com")
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
     get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
 
     local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
 
-    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
+    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
+                                "default" "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
     get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
 
@@ -639,7 +642,8 @@ function create_swift_accounts {
     local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
     die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
 
-    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
+    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
+                                $swift_domain "test4@example.com")
     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
     get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
 }
diff --git a/lib/tempest b/lib/tempest
index 4e7133a0db..f3703a072a 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -547,7 +547,7 @@ function create_tempest_accounts {
         # Tempest has some tests that validate various authorization checks
         # between two regular users in separate tenants
         get_or_create_project alt_demo default
-        get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
+        get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
         get_or_add_user_project_role Member alt_demo alt_demo
     fi
 }
diff --git a/stack.sh b/stack.sh
index dc79fa94f7..489fbe446c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1006,6 +1006,9 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
+    # force set to use v2 identity authentication even with v3 commands
+    export OS_AUTH_TYPE=v2password
+
     # Set up password auth credentials now that Keystone is bootstrapped
     export OS_AUTH_URL=$SERVICE_ENDPOINT
     export OS_TENANT_NAME=admin