Comment 3 for bug 1471882

Not sure if I got you right. My question was about the username/password being written to the HTTP headers (X-Auth-User/Key).

My impression is that this never happens since Keystone returns a token and that is what is passed to the API, so that actually there will never we X-Auth-User/Key headers.

But: If that assumption is wrong, then I would expect that in addition to X-Auth-User/Key, also the domain has to be passed in the HTTP header as part of the credentials_headers() implementation. See also Heat's "http.py" variant of credentials_headers () here: https://github.com/openstack/python-heatclient/blob/master/heatclient/common/http.py.

I will submit a pull-request with my changes today.