There's no such thing as user authentication built into Lift. Lift has no concept of a User. All code for authentication is built on top of simple Lift constructs.
Lift has a concept called a SessionVar which allows you to put a type-safe value into a place that's session-specific. In MegaProtoUser:
private object curUserId extends SessionVar[Box[String]](Empty)
def currentUserId: Box[String] = curUserId.is
private object curUser extends RequestVar[Box[ModelType]](currentUserId.flatMap(id => getSingleton.find(id)))
def currentUser: Box[ModelType] = curUser.is
So, the curUserId SessionVar stores the currently logged in User's id (as a String). The curUser RequestVar is the current User object, but calculated on a request-by-request basis.
This is all you need for your own authentication mechanism.
Thanks,
David