diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py --- a/kallithea/controllers/login.py +++ b/kallithea/controllers/login.py @@ -116,7 +116,8 @@ class LoginController(BaseController): # Exception itself h.flash(e, 'error') else: - log_in_user(user, c.form_result['remember']) + log_in_user(user, c.form_result['remember'], + is_external_auth=False) return self._redirect_to_origin(c.came_from) return render('/login.html') diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py @@ -476,7 +476,8 @@ class AuthUser(object): so, set `is_authenticated` to True. """ - def __init__(self, user_id=None, api_key=None, username=None): + def __init__(self, user_id=None, api_key=None, username=None, + is_external_auth=False): self.user_id = user_id self._api_key = api_key @@ -489,6 +490,7 @@ class AuthUser(object): self.is_authenticated = False self.admin = False self.inherit_default_permissions = False + self.is_external_auth = is_external_auth self.propagate_data() self._instance = None @@ -633,6 +635,7 @@ class AuthUser(object): 'user_id': self.user_id, 'username': self.username, 'is_authenticated': self.is_authenticated, + 'is_external_auth': self.is_external_auth, } @staticmethod @@ -644,6 +647,7 @@ class AuthUser(object): au = AuthUser( user_id=cookie.get('user_id'), username=cookie.get('username'), + is_external_auth=cookie.get('is_external_auth', False), ) if not au.is_authenticated and au.user_id is not None: # user is not authenticated and not empty diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py --- a/kallithea/lib/base.py +++ b/kallithea/lib/base.py @@ -104,7 +104,7 @@ def _get_access_path(environ): return path -def log_in_user(user, remember): +def log_in_user(user, remember, is_external_auth): """ Log a `User` in and update session and cookies. If `remember` is True, the session cookie is set to expire in a year; otherwise, it expires at 
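Review bot: The new `is_external_auth` parameter is undocumented in both places that introduce it: `AuthUser.__init__` (kallithea/lib/auth.py, hunk @@ -476) and `log_in_user` (kallithea/lib/base.py, hunk @@ -104), whose docstring still explains only `remember`. From the call sites in this commit, the flag is False for the login form and True for API-key and container-header authentication, and the added test suggests it is used to hide the logout link. I would add a sentence to each docstring along the lines of `is_external_auth` is True when the credentials came from outside the login form (API key or container headers); it is stored in the session cookie and used to decide whether a logout link is offered. Both docstrings extend beyond the visible hunks, so the exact placement has to be checked against the full file.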
@@ -115,7 +115,8 @@ def log_in_user(user, remember): user.update_lastlogin() meta.Session().commit() - auth_user = AuthUser(user_id=user.user_id) + auth_user = AuthUser(user_id=user.user_id, + is_external_auth=is_external_auth) auth_user.set_authenticated() # Start new session to prevent session fixation attacks. @@ -384,7 +385,7 @@ class BaseController(WSGIController): # Authenticate by API key if api_key: # when using API_KEY we are sure user exists. - return AuthUser(api_key=api_key) + return AuthUser(api_key=api_key, is_external_auth=True) # Authenticate by session cookie cookie = session.get('authuser') @@ -415,7 +416,8 @@ class BaseController(WSGIController): if auth_info: username = auth_info['username'] user = User.get_by_username(username, case_insensitive=True) - return log_in_user(user, remember=False) + return log_in_user(user, remember=False, + is_external_auth=True) # User is anonymous return AuthUser() diff --git a/kallithea/templates/base/base.html b/kallithea/templates/base/base.html --- a/kallithea/templates/base/base.html +++ b/kallithea/templates/base/base.html @@ -348,7 +348,10 @@ %endif diff --git a/kallithea/tests/functional/test_admin_auth_settings.py b/kallithea/tests/functional/test_admin_auth_settings.py --- a/kallithea/tests/functional/test_admin_auth_settings.py +++ b/kallithea/tests/functional/test_admin_auth_settings.py @@ -175,3 +175,15 @@ class TestAuthSettingsController(TestCon extra_environ={'REMOTE_USER': r'example\jane'}, resulting_username=r'jane', ) + + def test_container_auth_no_logout(self): + self._container_auth_setup( + auth_container_header='REMOTE_USER', + auth_container_fallback_header='', + auth_container_clean_username='True', + ) + response = self.app.get( + url=url(controller='admin/my_account', action='my_account'), + extra_environ={'REMOTE_USER': 'john'}, + ) + self.assertNotIn('Log Out', response.normal_body)
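Review bot: In kallithea/lib/base.py (hunk @@ -384), `AuthUser(api_key=api_key, is_external_auth=True)` labels an API-key request as externally authenticated, although the key is a credential the application itself checks. The flag therefore means "not logged in through the form" rather than "authenticated by an external system". A later reader who uses it for anything beyond the logout link, for example to decide whether a password can be changed, would misclassify API-key users. A comment at this call would record the intent, e.g. `# API-key requests have no interactive session to end; treated like container auth so no logout link is shown`. The enclosing method starts and ends outside the hunk.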
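Review bot: A session created from container headers appears able to outlive the external authentication that produced it, and this change removes the user's only way to end it. In kallithea/lib/base.py the @@ -415 hunk persists the login through `log_in_user(user, remember=False, is_external_auth=True)`, while the @@ -384 hunk shows `session.get('authuser')` being consulted before the container branch (the lines in between are not visible, so this ordering is inferred). If it holds, a stored cookie keeps authenticating after the front end stops sending `REMOTE_USER` or sends a different name, and the logout link is now hidden for exactly those sessions. I would re-check the container identity whenever a restored cookie has `is_external_auth` set and discard the session when the username no longer matches. At minimum, record the constraint at the cookie branch with `# sessions with is_external_auth must be re-validated against the current request`.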
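Review bot: `self.assertNotIn('Log Out', response.normal_body)` in `test_container_auth_no_logout` also passes when container authentication fails, because a redirect to the login page or an error body does not contain the link either. Add a positive check before the negative one, for example `self.assertEqual(response.status_int, 200)` together with an assertion on text that only the account page renders, so the test fails when the header is not honoured. A companion test that a form login still shows 'Log Out' would pin the other value of the flag.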