diff --git a/swift/common/middleware/s3api/s3token.py b/swift/common/middleware/s3api/s3token.py
index c376dac5fa..3693b2f28d 100644
--- a/swift/common/middleware/s3api/s3token.py
+++ b/swift/common/middleware/s3api/s3token.py
@@ -403,8 +403,8 @@ class S3Token(object):
             tenant_to_connect = tenant_to_connect.encode('utf-8')
         self._logger.debug('Connecting with tenant: %s', tenant_to_connect)
         new_tenant_name = '%s%s' % (self._reseller_prefix, tenant_to_connect)
-        environ['PATH_INFO'] = environ['PATH_INFO'].replace(account,
-                                                            new_tenant_name)
+        environ['PATH_INFO'] = environ['PATH_INFO'].replace(
+            account, new_tenant_name, 1)
         return self._app(environ, start_response)
 
 
diff --git a/test/unit/common/middleware/s3api/test_s3token.py b/test/unit/common/middleware/s3api/test_s3token.py
index 1c974fd125..bef6cf9e7b 100644
--- a/test/unit/common/middleware/s3api/test_s3token.py
+++ b/test/unit/common/middleware/s3api/test_s3token.py
@@ -956,6 +956,18 @@ class S3TokenMiddlewareTestV3(S3TokenMiddlewareTestBase):
         self._assert_authorized(req, account_path='/v1/')
         self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_PROJECT_ID/c/o')
 
+    def test_authorize_with_access_key_in_container(self):
+        req = Request.blank('/v1/accesskey/accesskey.c/o')
+        req.environ['s3api.auth_details'] = {
+            'access_key': u'access',
+            'signature': u'signature',
+            'string_to_sign': u'token',
+        }
+        req.get_response(self.middleware)
+        self._assert_authorized(req, account_path='/v1/')
+        self.assertEqual(req.environ['PATH_INFO'],
+                         '/v1/AUTH_PROJECT_ID/accesskey.c/o')
+
     def test_authorize_with_access_key_and_unquote_chars(self):
         req = Request.blank('/v1/ab%c=/c/o')
         req.environ['s3api.auth_details'] = {