Apparently it's sort of possible but I don't think for the feint of heart: https://groups.google.com/forum/#!searchin/web2py/override$20auth/web2py/dBRbPxRw8uQ/DLgJs-PgwAQJ
It is possible to manipulate from things in the user() function. For example, mine looks like this: def user(): if not is_pricetack(): redirect('https://pricetack.com/%s' % request.env.web2py_original_uri) form = auth() auth.messages.reset_password = \ 'Click on the link https://' + request.env.http_host + \ URL('default','user',args=['reset_password']) + \ '/%(key)s to reset your password' if auth.user: response.cookies['login_email'] = auth.user.email response.cookies['login_email']['expires'] = 24 * 3600 response.cookies['login_email']['path'] = '/' if 'login_email' in request.cookies and request.args(0) in ['login', 'request_reset_password']: form.element(_name='email').update(_value=request.cookies['login_email'].value) return dict(form=form) Auth is pretty complicated so not super easy to override: http://code.google.com/p/web2py/source/browse/gluon/tools.py#751