diff --git a/swift/common/middleware/keystoneauth.py
b/swift/common/middleware/keystoneauth.py
index 096af45..16c9efd 100644
--- a/swift/common/middleware/keystoneauth.py
+++ b/swift/common/middleware/keystoneauth.py
@@ -88,7 +88,7 @@ class KeystoneAuth(object):
         self.allow_overrides =
swift_utils.config_true_value(config_overrides)
 
     def __call__(self, environ, start_response):
-        identity = self._keystone_identity(environ)
+        identity = self._integral_keystone_identity(environ)
 
         # Check if one of the middleware like tempurl or formpost have
         # set the swift.authorize_override environ and want to control the
@@ -134,6 +134,8 @@ class KeystoneAuth(object):
 
     def _integral_keystone_identity(self, environ):
         """Extract the identity from the Keystone auth component."""
+        if 'keystone.identity' in environ:
+            return environ['keystone.identity']
         if environ.get('HTTP_X_IDENTITY_STATUS') != 'Confirmed':
             return
         roles = []
diff --git a/swift/common/request_helpers.py b/swift/common/request_helpers.py
index 98a239e..13efee3 100644
--- a/swift/common/request_helpers.py
+++ b/swift/common/request_helpers.py
@@ -285,10 +285,9 @@ class SegmentedIterable(object):
                 # Make sure that the segment is a plain old object, not some
                 # flavor of large object, so that we can check its MD5.
                 path = seg_path + '?multipart-manifest=get'
+                self.req.environ.pop('HTTP_X_AUTH_TOKEN', None)
                 seg_req = make_subrequest(
                     self.req.environ, path=path, method='GET',
-                    headers={'x-auth-token': self.req.headers.get(
-                        'x-auth-token')},
                     agent=('%(orig)s ' + self.ua_suffix),
                     swift_source=self.swift_source)
                 if first_byte is not None or last_byte is not None:
diff --git a/swift/common/wsgi.py b/swift/common/wsgi.py
index 19d5c68..d6f7b5a 100644
--- a/swift/common/wsgi.py
+++ b/swift/common/wsgi.py
@@ -579,7 +579,7 @@ def make_env(env, method=None, path=None, agent='Swift',
query_string=None,
                  'HTTP_ORIGIN', 'HTTP_ACCESS_CONTROL_REQUEST_METHOD',
                  'SERVER_PROTOCOL', 'swift.cache', 'swift.source',
                  'swift.trans_id', 'swift.authorize_override',
-                 'swift.authorize'):
+                 'swift.authorize', 'keystone.identity'):
         if name in env:
             newenv[name] = env[name]
     if method: