diff --git a/glide.lock b/glide.lock
index 3861ec7bc6..152c039554 100644
--- a/glide.lock
+++ b/glide.lock
@@ -50,7 +50,7 @@ imports:
   subpackages:
   - group
 - name: github.com/databus23/keystone
-  version: 12c566d59fdb198f5a6d7ad7dfbf99f2a7e09929
+  version: f642ecf9fb5eacb10ed79d7e7fc17e5933a296ed
   subpackages:
   - cache/memory
 - name: github.com/databus23/requestutil
diff --git a/pkg/api/auth/keystone_auth.go b/pkg/api/auth/keystone_auth.go
index 7a98f136c0..a4947d9aed 100644
--- a/pkg/api/auth/keystone_auth.go
+++ b/pkg/api/auth/keystone_auth.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/databus23/keystone"
 	"github.com/databus23/keystone/cache/memory"
+	"github.com/go-kit/kit/log"
 	errors "github.com/go-openapi/errors"
 	flag "github.com/spf13/pflag"
 
@@ -19,12 +20,15 @@ func init() {
 	flag.StringVar(&authURL, "auth-url", "", "Openstack identity v3 auth url")
 }
 
-func Keystone() func(token string) (*models.Principal, error) {
+func Keystone(logger log.Logger) func(token string) (*models.Principal, error) {
 
 	if !(strings.HasSuffix(authURL, "/v3") || strings.HasSuffix(authURL, "/v3/")) {
 		authURL = fmt.Sprintf("%s/%s", strings.TrimRight(authURL, "/"), "/v3")
 	}
 
+	keystone.Log = func(format string, a ...interface{}) {
+		logger.Log("library", "keystone", "msg", fmt.Sprintf(format, a...))
+	}
 	auth := keystone.New(authURL)
 	auth.TokenCache = memory.New(10 * time.Minute)
 
diff --git a/pkg/api/rest/configure.go b/pkg/api/rest/configure.go
index 065710d97c..be214e4554 100644
--- a/pkg/api/rest/configure.go
+++ b/pkg/api/rest/configure.go
@@ -35,7 +35,7 @@ func Configure(api *operations.KubernikusAPI, rt *apipkg.Runtime) error {
 	api.JSONProducer = runtime.JSONProducer()
 
 	// Applies when the "x-auth-token" header is set
-	api.KeystoneAuth = auth.Keystone()
+	api.KeystoneAuth = auth.Keystone(rt.Logger)
 
 	// Set your custom authorizer if needed. Default one is security.Authorized()
 	rules, err := auth.LoadPolicy(auth.DefaultPolicyFile)
diff --git a/vendor/github.com/databus23/keystone/middleware.go b/vendor/github.com/databus23/keystone/middleware.go
index 7ca2650048..25b6844f1a 100644
--- a/vendor/github.com/databus23/keystone/middleware.go
+++ b/vendor/github.com/databus23/keystone/middleware.go
@@ -12,11 +12,16 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"log"
 	"net/http"
 	"strings"
 	"time"
 )
 
+var Log func(string, ...interface{}) = func(format string, a ...interface{}) {
+	log.Printf(format, a...)
+}
+
 // Cache provides the interface for cache implementations.
 type Cache interface {
 	//Set stores a value with the given ttl
@@ -62,7 +67,7 @@ func (a *Auth) Validate(authToken string) (*Token, error) {
 	if a.TokenCache != nil {
 		var cachedToken Token
 		if ok := a.TokenCache.Get(authToken, &cachedToken); ok && cachedToken.Valid() {
-			fmt.Println("Found valid token in cache")
+			Log("Found valid token in cache")
 			return &cachedToken, nil
 		}
 	}
@@ -150,7 +155,7 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	context, err := h.Auth.Validate(authToken)
 	if err != nil {
 		//ToDo: How to handle logging, printing to stdout isn't the best thing
-		fmt.Println("Failed to validate token. ", err)
+		Log("Failed to validate token: %v", err)
 		return
 	}