diff --git a/config-generator.conf b/config-generator.conf
index 469ec00fec..44e94d1106 100644
--- a/config-generator.conf
+++ b/config-generator.conf
@@ -2,6 +2,7 @@
 output_file = etc/heat/heat.conf.sample
 wrap_width = 79
 namespace = heat.common.config
+namespace = heat.common.context
 namespace = heat.common.crypt
 namespace = heat.common.heat_keystoneclient
 namespace = heat.common.wsgi
diff --git a/heat/common/context.py b/heat/common/context.py
index 7df5638661..74e6747b7a 100644
--- a/heat/common/context.py
+++ b/heat/common/context.py
@@ -34,10 +34,28 @@ from heat.engine import clients
 
 LOG = logging.getLogger(__name__)
 
+
+# Note, we yield the options via list_opts to enable generation of the
+# sample heat.conf, but we don't register these options directly via
+# cfg.CONF.register*, it's done via auth.register_conf_options
+# Note, only auth_plugin = v3password is expected to work, example config:
+# [trustee]
+# auth_plugin = password
+# auth_url = http://192.168.1.2:35357
+# username = heat
+# password = password
+# user_domain_id = default
+V3_PASSWORD_PLUGIN = 'v3password'
 TRUSTEE_CONF_GROUP = 'trustee'
 auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
 
 
+def list_opts():
+    trustee_opts = auth.conf.get_common_conf_options()
+    trustee_opts.extend(auth.conf.get_plugin_options(V3_PASSWORD_PLUGIN))
+    yield TRUSTEE_CONF_GROUP, trustee_opts
+
+
 class RequestContext(context.RequestContext):
     """Stores information about the security context.
 
@@ -151,6 +169,7 @@ class RequestContext(context.RequestContext):
             cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id)
 
         if self._trusts_auth_plugin:
+            LOG.warn(_LW('SHDEBUG NOT Using the keystone_authtoken'))
             return self._trusts_auth_plugin
 
         LOG.warn(_LW('Using the keystone_authtoken user as the heat '
diff --git a/setup.cfg b/setup.cfg
index f1162d507e..123817e024 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -41,6 +41,7 @@ wsgi_scripts =
 
 oslo.config.opts =
     heat.common.config = heat.common.config:list_opts
+    heat.common.context = heat.common.context:list_opts
     heat.common.crypt = heat.common.crypt:list_opts
     heat.common.heat_keystoneclient = heat.common.heat_keystoneclient:list_opts
     heat.common.wsgi = heat.common.wsgi:list_opts