diff --git a/files/glance-api-paste.ini b/files/glance-api-paste.ini
index ed39fccf0b..5cfd22f0a5 100644
--- a/files/glance-api-paste.ini
+++ b/files/glance-api-paste.ini
@@ -30,10 +30,6 @@ glance.filter_factory = glance.common.context:ContextMiddleware
 
 [filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
-# FIXME(dtroyer): remove these service_* entries after auth_token is updated
-service_host = %KEYSTONE_SERVICE_HOST%
-service_port = %KEYSTONE_SERVICE_PORT%
-service_protocol = %KEYSTONE_SERVICE_PROTOCOL%
 auth_host = %KEYSTONE_AUTH_HOST%
 auth_port = %KEYSTONE_AUTH_PORT%
 auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
diff --git a/files/glance-registry-paste.ini b/files/glance-registry-paste.ini
index 987a8a49c6..b792aa8ed4 100644
--- a/files/glance-registry-paste.ini
+++ b/files/glance-registry-paste.ini
@@ -14,10 +14,6 @@ glance.filter_factory = glance.common.context:ContextMiddleware
 
 [filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
-# FIXME(dtroyer): remove these service_* entries after auth_token is updated
-service_host = %KEYSTONE_SERVICE_HOST%
-service_port = %KEYSTONE_SERVICE_PORT%
-service_protocol = %KEYSTONE_SERVICE_PROTOCOL%
 auth_host = %KEYSTONE_AUTH_HOST%
 auth_port = %KEYSTONE_AUTH_PORT%
 auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
diff --git a/files/swift/proxy-server.conf b/files/swift/proxy-server.conf
index e80c1d5eb5..1627af0660 100644
--- a/files/swift/proxy-server.conf
+++ b/files/swift/proxy-server.conf
@@ -19,6 +19,8 @@ account_autocreate = true
 paste.filter_factory = keystone.middleware.swift_auth:filter_factory
 operator_roles = Member,admin
 
+# NOTE(chmou): s3token middleware is not updated yet to use only
+# username and password.
 [filter:s3token]
 paste.filter_factory = keystone.middleware.s3_token:filter_factory
 service_port = %KEYSTONE_SERVICE_PORT%
@@ -29,21 +31,15 @@ auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
 auth_token = %SERVICE_TOKEN%
 admin_token = %SERVICE_TOKEN%
 
-[filter:tokenauth]
+[filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
-# FIXME(dtroyer): remove these service_* entries after auth_token is updated
-service_port = %KEYSTONE_SERVICE_PORT%
-service_host = %KEYSTONE_SERVICE_HOST%
-auth_port = %KEYSTONE_AUTH_PORT%
 auth_host = %KEYSTONE_AUTH_HOST%
+auth_port = %KEYSTONE_AUTH_PORT%
 auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
-auth_token = %SERVICE_TOKEN%
-# FIXME(dtroyer): remove admin_token after auth_token is updated
-admin_token = %SERVICE_TOKEN%
+auth_uri = %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USERNAME%
 admin_password = %SERVICE_PASSWORD%
-cache = swift.cache
 
 [filter:swift3]
 use = egg:swift#swift3
diff --git a/stack.sh b/stack.sh
index 3beb8b7c78..9f88a0bde1 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1078,7 +1078,7 @@ if is_service_enabled swift; then
    # which has some default username and password if you have
    # configured keystone it will checkout the directory.
    if is_service_enabled key; then
-       swift_auth_server="s3token tokenauth keystone"
+       swift_auth_server="s3token authtoken keystone"
    else
        swift_auth_server=tempauth
    fi
@@ -1091,6 +1091,7 @@ if is_service_enabled swift; then
        s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
        s,%SERVICE_USERNAME%,swift,g;
        s,%SERVICE_PASSWORD%,$SERVICE_PASSWORD,g;
+       s,%KEYSTONE_SERVICE_PROTOCOL%,$KEYSTONE_SERVICE_PROTOCOL,g;
        s,%SERVICE_TOKEN%,${SERVICE_TOKEN},g;
        s,%KEYSTONE_SERVICE_PORT%,${KEYSTONE_SERVICE_PORT},g;
        s,%KEYSTONE_SERVICE_HOST%,${KEYSTONE_SERVICE_HOST},g;