diff --git a/doc/manpages/proxy-server.conf.5 b/doc/manpages/proxy-server.conf.5
index ff61457952..463306c3c0 100644
--- a/doc/manpages/proxy-server.conf.5
+++ b/doc/manpages/proxy-server.conf.5
@@ -286,6 +286,14 @@ You'll need to have as well the keystoneauth middleware enabled
 and have it in your main pipeline so instead of having tempauth in
 there you can change it to: authtoken keystoneauth
 
+The auth credentials ("project_domain_name", "user_domain_name", "username",
+"project_name", "password")  must match the Keystone credentials for the Swift
+service. The example values shown here assume a user named "swift" with admin
+role on a project named "service", both being in the Keystone domain with id
+"default". Refer to the KeystoneMiddleware documentation at
+.BI  http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration
+for other examples.
+
 .PD 0
 .RS 10
 .IP "paste.filter_factory = keystonemiddleware.auth_token:filter_factory"
diff --git a/doc/source/overview_auth.rst b/doc/source/overview_auth.rst
index 34e7f64cc7..e98526e7ad 100644
--- a/doc/source/overview_auth.rst
+++ b/doc/source/overview_auth.rst
@@ -131,7 +131,7 @@ Configuring Swift to use Keystone
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Configuring Swift to use Keystone_
-is relatively straight forward.  The first
+is relatively straightforward.  The first
 step is to ensure that you have the ``auth_token`` middleware installed. It can
 either be dropped in your python path or installed via the KeystoneMiddleware_
 package.
@@ -181,7 +181,13 @@ your situation, but in short:
 * The auth credentials (``project_domain_id``, ``user_domain_id``,
   ``username``, ``project_name``, ``password``) will be used to retrieve an
   admin token. That token will be used to authorize user tokens behind the
-  scenes.
+  scenes. These credentials must match the Keystone credentials for the Swift
+  service. The example values shown here assume a user named 'swift' with admin
+  role on a project named 'service', both being in the Keystone domain with id
+  'default'. Refer to the `KeystoneMiddleware documentation
+  <http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration>`_
+  for other examples.
+
 * ``cache`` is set to ``swift.cache``. This means that the middleware
   will get the Swift memcache from the request environment.
 * ``include_service_catalog`` defaults to ``True`` if not set. This means
diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index 3bcdc4b508..f781795c7e 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -327,6 +327,12 @@ user_test5_tester5 = testing5 service
 # auth_uri = http://keystonehost:5000
 # auth_url = http://keystonehost:35357
 # auth_plugin = password
+# The following credentials must match the Keystone credentials for the Swift
+# service and may need to be changed to match your Keystone configuration. The
+# example values shown here assume a user named 'swift' with admin role on a
+# project named 'service', both being in the Keystone domain with id 'default'.
+# Refer to the keystonemiddleware documentation link above [1] for other
+# examples.
 # project_domain_id = default
 # user_domain_id = default
 # project_name = service