diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 1a05d53f0..afd89d0d4 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -16,6 +16,7 @@ import (
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
+	"github.com/containers/storage/pkg/homedir"
 	"github.com/sirupsen/logrus"
 )
 
@@ -86,10 +87,14 @@ func systemContextWithOptions(sys *types.SystemContext, authFile, dockerCompatAu
 		sys = &types.SystemContext{}
 	}
 
+	defaultDockerConfigPath := filepath.Join(homedir.Get(), ".docker", "config.json")
 	switch {
 	case authFile != "" && dockerCompatAuthFile != "":
 		return nil, errors.New("--authfile and --compat-auth-file can not be set simultaneously")
 	case authFile != "":
+		if authFile == defaultDockerConfigPath {
+			logrus.Warn("--authfile points to ~/.docker/config.json, but the file format is not fully compatible; use --compat-auth-file instead")
+		}
 		sys.AuthFilePath = authFile
 	case dockerCompatAuthFile != "":
 		sys.DockerCompatAuthFilePath = dockerCompatAuthFile
@@ -99,6 +104,9 @@ func systemContextWithOptions(sys *types.SystemContext, authFile, dockerCompatAu
 		// Note that c/image does not natively implement the REGISTRY_AUTH_FILE
 		// variable, so not all callers look for credentials in this location.
 		if authFileVar := os.Getenv("REGISTRY_AUTH_FILE"); authFileVar != "" {
+			if authFileVar == defaultDockerConfigPath {
+				logrus.Warn("$REGISTRY_AUTH_FILE points to ~/.docker/config.json, but the file format is not fully compatible; use --compat-auth-file instead")
+			}
 			sys.AuthFilePath = authFileVar
 		}
 		// This preserves pre-existing _inconsistent_ behavior: