Apparently it's sort of possible but I don't think for the feint of heart:
https://groups.google.com/forum/#!searchin/web2py/override$20auth/web2py/dBRbPxRw8uQ/DLgJs-PgwAQJ
It is possible to manipulate from things in the user() function. For
example, mine looks like this:
def user():
if not is_pricetack():
redirect('https://pricetack.com/%s' %
request.env.web2py_original_uri)
form = auth()
auth.messages.reset_password = \
'Click on the link https://' + request.env.http_host + \
URL('default','user',args=['reset_password']) + \
'/%(key)s to reset your password'
if auth.user:
response.cookies['login_email'] = auth.user.email
response.cookies['login_email']['expires'] = 24 * 3600
response.cookies['login_email']['path'] = '/'
if 'login_email' in request.cookies and request.args(0) in ['login',
'request_reset_password']:
form.element(_name='email').update(_value=request.cookies['login_email'].value)
return dict(form=form)
Auth is pretty complicated so not super easy to override:
http://code.google.com/p/web2py/source/browse/gluon/tools.py#751
