diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index 6444f98..5ac1f47 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -280,7 +280,9 @@ user_test_tester3 = testing3
 # operator_roles = admin, swiftoperator
 # The reseller admin role has the ability to create and delete accounts
 # reseller_admin_role = ResellerAdmin
-
+# The following keystone auth uri is returned when delay_auth_decision
+# is set to true
+# auth_uri = http://keystonehost:5000/
 [filter:healthcheck]
 use = egg:swift#healthcheck
 # An optional filesystem path, which if present, will cause the healthcheck
diff --git a/swift/common/middleware/keystoneauth.py b/swift/common/middleware/keystoneauth.py
index 096af45..a431f2f 100644
--- a/swift/common/middleware/keystoneauth.py
+++ b/swift/common/middleware/keystoneauth.py
@@ -75,6 +75,7 @@ class KeystoneAuth(object):
         self.app = app
         self.conf = conf
         self.logger = swift_utils.get_logger(conf, log_route='keystoneauth')
+        self.auth_uri = conf.get('auth_uri')
         self.reseller_prefix = conf.get('reseller_prefix', 'AUTH_').strip()
         if self.reseller_prefix and self.reseller_prefix[-1] != '_':
             self.reseller_prefix += '_'
@@ -328,7 +329,7 @@ class KeystoneAuth(object):
         if req.remote_user:
             return HTTPForbidden(request=req)
         else:
-            return HTTPUnauthorized(request=req)
+            return HTTPUnauthorized(request=req,headers={'Www-Authenticate': 'Keystone uri="%s"' % self.auth_uri})


 def filter_factory(global_conf, **local_conf):