diff --git a/docker/docker_client.go b/docker/docker_client.go
index ca52ad1080..9921d3186a 100644
--- a/docker/docker_client.go
+++ b/docker/docker_client.go
@@ -8,7 +8,6 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
-	"os"
 	"path/filepath"
 	"strings"
 
@@ -21,10 +20,6 @@ const (
 	dockerRegistry     = "registry-1.docker.io"
 	dockerAuthRegistry = "https://index.docker.io/v1/"
 
-	dockerCfg         = ".docker"
-	dockerCfgFileName = "config.json"
-	dockerCfgObsolete = ".dockercfg"
-
 	baseURL       = "%s://%s/v2/"
 	tagsURL       = "%s/tags/list"
 	manifestURL   = "%s/manifests/%s"
@@ -43,17 +38,13 @@ type dockerClient struct {
 }
 
 // newDockerClient returns a new dockerClient instance for refHostname (a host a specified in the Docker image reference, not canonicalized to dockerRegistry)
-func newDockerClient(refHostname, certPath string, tlsVerify bool) (*dockerClient, error) {
+func newDockerClient(refHostname, certPath string, tlsVerify bool, username, password string) (*dockerClient, error) {
 	var registry string
 	if refHostname == dockerHostname {
 		registry = dockerRegistry
 	} else {
 		registry = refHostname
 	}
-	username, password, err := getAuth(refHostname)
-	if err != nil {
-		return nil, err
-	}
 	var tr *http.Transport
 	if certPath != "" || !tlsVerify {
 		tlsc := &tls.Config{}
@@ -234,52 +225,6 @@ func (c *dockerClient) getBearerToken(realm, service, scope string) (string, err
 	return tokenStruct.Token, nil
 }
 
-func getAuth(hostname string) (string, string, error) {
-	// TODO(runcom): get this from *cli.Context somehow
-	//if username != "" && password != "" {
-	//return username, password, nil
-	//}
-	if hostname == dockerHostname {
-		hostname = dockerAuthRegistry
-	}
-	dockerCfgPath := filepath.Join(getDefaultConfigDir(".docker"), dockerCfgFileName)
-	if _, err := os.Stat(dockerCfgPath); err == nil {
-		j, err := ioutil.ReadFile(dockerCfgPath)
-		if err != nil {
-			return "", "", err
-		}
-		var dockerAuth dockerConfigFile
-		if err := json.Unmarshal(j, &dockerAuth); err != nil {
-			return "", "", err
-		}
-		// try the normal case
-		if c, ok := dockerAuth.AuthConfigs[hostname]; ok {
-			return decodeDockerAuth(c.Auth)
-		}
-	} else if os.IsNotExist(err) {
-		oldDockerCfgPath := filepath.Join(getDefaultConfigDir(dockerCfgObsolete))
-		if _, err := os.Stat(oldDockerCfgPath); err != nil {
-			return "", "", nil //missing file is not an error
-		}
-		j, err := ioutil.ReadFile(oldDockerCfgPath)
-		if err != nil {
-			return "", "", err
-		}
-		var dockerAuthOld map[string]dockerAuthConfigObsolete
-		if err := json.Unmarshal(j, &dockerAuthOld); err != nil {
-			return "", "", err
-		}
-		if c, ok := dockerAuthOld[hostname]; ok {
-			return decodeDockerAuth(c.Auth)
-		}
-	} else {
-		// if file is there but we can't stat it for any reason other
-		// than it doesn't exist then stop
-		return "", "", fmt.Errorf("%s - %v", dockerCfgPath, err)
-	}
-	return "", "", nil
-}
-
 type apiErr struct {
 	Code    string
 	Message string
diff --git a/docker/docker_image.go b/docker/docker_image.go
index 4163089abe..500d4897e1 100644
--- a/docker/docker_image.go
+++ b/docker/docker_image.go
@@ -18,8 +18,8 @@ type Image struct {
 
 // NewImage returns a new Image interface type after setting up
 // a client to the registry hosting the given image.
-func NewImage(img, certPath string, tlsVerify bool) (types.Image, error) {
-	s, err := newDockerImageSource(img, certPath, tlsVerify)
+func NewImage(img, certPath string, tlsVerify bool, username, password string) (types.Image, error) {
+	s, err := newDockerImageSource(img, certPath, tlsVerify, username, password)
 	if err != nil {
 		return nil, err
 	}
diff --git a/docker/docker_image_dest.go b/docker/docker_image_dest.go
index 68dd187f47..4d93271e18 100644
--- a/docker/docker_image_dest.go
+++ b/docker/docker_image_dest.go
@@ -19,12 +19,12 @@ type dockerImageDestination struct {
 }
 
 // NewImageDestination creates a new ImageDestination for the specified image and connection specification.
-func NewImageDestination(img, certPath string, tlsVerify bool) (types.ImageDestination, error) {
+func NewImageDestination(img, certPath string, tlsVerify bool, username, password string) (types.ImageDestination, error) {
 	ref, err := parseImageName(img)
 	if err != nil {
 		return nil, err
 	}
-	c, err := newDockerClient(ref.Hostname(), certPath, tlsVerify)
+	c, err := newDockerClient(ref.Hostname(), certPath, tlsVerify, username, password)
 	if err != nil {
 		return nil, err
 	}
diff --git a/docker/docker_image_src.go b/docker/docker_image_src.go
index 7e719552d7..85f3329161 100644
--- a/docker/docker_image_src.go
+++ b/docker/docker_image_src.go
@@ -29,12 +29,12 @@ type dockerImageSource struct {
 }
 
 // newDockerImageSource is the same as NewImageSource, only it returns the more specific *dockerImageSource type.
-func newDockerImageSource(img, certPath string, tlsVerify bool) (*dockerImageSource, error) {
+func newDockerImageSource(img, certPath string, tlsVerify bool, username, password string) (*dockerImageSource, error) {
 	ref, err := parseImageName(img)
 	if err != nil {
 		return nil, err
 	}
-	c, err := newDockerClient(ref.Hostname(), certPath, tlsVerify)
+	c, err := newDockerClient(ref.Hostname(), certPath, tlsVerify, username, password)
 	if err != nil {
 		return nil, err
 	}
@@ -45,8 +45,8 @@ func newDockerImageSource(img, certPath string, tlsVerify bool) (*dockerImageSou
 }
 
 // NewImageSource creates a new ImageSource for the specified image and connection specification.
-func NewImageSource(img, certPath string, tlsVerify bool) (types.ImageSource, error) {
-	return newDockerImageSource(img, certPath, tlsVerify)
+func NewImageSource(img, certPath string, tlsVerify bool, username, password string) (types.ImageSource, error) {
+	return newDockerImageSource(img, certPath, tlsVerify, username, password)
 }
 
 // IntendedDockerReference returns the Docker reference for this image, _as specified by the user_
diff --git a/openshift/openshift.go b/openshift/openshift.go
index 36958fe41f..96e67fcb90 100644
--- a/openshift/openshift.go
+++ b/openshift/openshift.go
@@ -176,13 +176,15 @@ type openshiftImageSource struct {
 	// Values specific to this image
 	certPath  string // Only for parseDockerImageSource
 	tlsVerify bool   // Only for parseDockerImageSource
+	username  string // Only for parseDockerImageSource
+	password  string // Only for parseDockerImageSource
 	// State
 	docker               types.ImageSource // The Docker Registry endpoint, or nil if not resolved yet
 	imageStreamImageName string            // Resolved image identifier, or "" if not known yet
 }
 
 // NewImageSource creates a new ImageSource for the specified image and connection specification.
-func NewImageSource(imageName, certPath string, tlsVerify bool) (types.ImageSource, error) {
+func NewImageSource(imageName, certPath string, tlsVerify bool, username, password string) (types.ImageSource, error) {
 	client, err := newOpenshiftClient(imageName)
 	if err != nil {
 		return nil, err
@@ -192,6 +194,8 @@ func NewImageSource(imageName, certPath string, tlsVerify bool) (types.ImageSour
 		client:    client,
 		certPath:  certPath,
 		tlsVerify: tlsVerify,
+		username:  username,
+		password:  password,
 	}, nil
 }
 
@@ -257,7 +261,7 @@ func (s *openshiftImageSource) ensureImageIsResolved() error {
 		return err
 	}
 	logrus.Debugf("Resolved reference %#v", dockerRef)
-	d, err := docker.NewImageSource(dockerRef, s.certPath, s.tlsVerify)
+	d, err := docker.NewImageSource(dockerRef, s.certPath, s.tlsVerify, s.username, s.password)
 	if err != nil {
 		return err
 	}
@@ -272,7 +276,7 @@ type openshiftImageDestination struct {
 }
 
 // NewImageDestination creates a new ImageDestination for the specified image and connection specification.
-func NewImageDestination(imageName, certPath string, tlsVerify bool) (types.ImageDestination, error) {
+func NewImageDestination(imageName, certPath string, tlsVerify bool, username, password string) (types.ImageDestination, error) {
 	client, err := newOpenshiftClient(imageName)
 	if err != nil {
 		return nil, err
@@ -282,7 +286,7 @@ func NewImageDestination(imageName, certPath string, tlsVerify bool) (types.Imag
 	// i.e. a single signed image cannot be available under multiple tags.  But with types.ImageDestination, we don't know
 	// the manifest digest at this point.
 	dockerRef := fmt.Sprintf("%s/%s/%s:%s", client.dockerRegistryHostPart(), client.namespace, client.stream, client.tag)
-	docker, err := docker.NewImageDestination(dockerRef, certPath, tlsVerify)
+	docker, err := docker.NewImageDestination(dockerRef, certPath, tlsVerify, username, password)
 	if err != nil {
 		return nil, err
 	}