Hi Roland -
For the current release of passlib, the easiest way would probably be to subclass pbkdf2_sha1:

    from passlib.hash import pbkdf2_sha1

    class pbkdf2_sha1_32(pbkdf2_sha1):
        checksum_size = 32

That said, what you want isn't any more secure than pbkdf2_sha1 with 20 bytes; indirectly, it's actually *less* secure:
The way PBKDF2 implements "key stretching" is that it generates and concatenates blocks of <digest size> bytes, using a function based on the underlying digest algorithm (sha1 in this case). So when you ask for 32 bytes of output, what actually happens is that it must calculate two 20 byte blocks (the sha1 digest size). The catch is that each of these blocks can be calculated independently of each other. And that's why increasing the digest size isn't any more secure: all your attacker has to do is calculate the first block in order to brute force the password, and they can just ignore the second block.
The reason it's actually *less* secure is because you're having to do work that your attacker isn't: by calculating the second block every time you verify a password, your passwords will either 1) take longer for you to calculate (but not for your attacker, who can skip the second block), or 2) force you to reduce the time-cost (the number of pbkdf2 rounds) in order to maintain your old runtime (thus reducing your attacker's workload even more). In either case, your attacker's passwords/second rate increases in comparison to yours ... an advantage you *don't* want to give them.
If you want a 32 byte digest, I'd strongly recommend switching to pbkdf2_sha256, or sticking with pbkdf2_sha1 as it is.
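
The block independence described in the message above, as an added example that is not part of the original message or of passlib. It uses only the Python standard library; the password, salt, round count and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

HLEN = 20  # SHA-1 digest size in bytes

# Constructed sample inputs (assumptions, not values from the message).
PASSWORD = b"correct horse"
SALT = b"constructed-salt"
ROUNDS = 1000


def pbkdf2_block(password: bytes, salt: bytes, rounds: int, index: int) -> bytes:
    """Compute one PBKDF2-HMAC-SHA1 block T_index (1-based), as in RFC 8018.

    The only input that differs between blocks is the 4-byte big-endian
    block index appended to the salt, so no block depends on another.
    """
    u = hmac.new(password, salt + struct.pack(">I", index), hashlib.sha1).digest()
    t = int.from_bytes(u, "big")
    for _ in range(rounds - 1):
        u = hmac.new(password, u, hashlib.sha1).digest()
        t ^= int.from_bytes(u, "big")
    return t.to_bytes(HLEN, "big")


def hmac_calls(dklen: int, rounds: int) -> int:
    """Number of HMAC invocations needed for a dklen-byte output."""
    blocks = -(-dklen // HLEN)  # ceiling division
    return blocks * rounds


def first_block_matches(candidate: bytes, salt: bytes, rounds: int, stored: bytes) -> bool:
    """Compare a candidate against a stored hash using block 1 only."""
    return hmac.compare_digest(pbkdf2_block(candidate, salt, rounds, 1), stored[:HLEN])


def demo() -> None:
    dk32 = hashlib.pbkdf2_hmac("sha1", PASSWORD, SALT, ROUNDS, 32)
    t1 = pbkdf2_block(PASSWORD, SALT, ROUNDS, 1)
    t2 = pbkdf2_block(PASSWORD, SALT, ROUNDS, 2)
    print("32-byte output == T1 + T2[:12]:", dk32 == t1 + t2[:12])
    print("HMAC calls for full 32-byte verify:", hmac_calls(32, ROUNDS))
    print("HMAC calls to test a guess via block 1:", hmac_calls(HLEN, ROUNDS))
    print("block 1 alone confirms the password:",
          first_block_matches(PASSWORD, SALT, ROUNDS, dk32))


if __name__ == "__main__":
    demo()
```

With pbkdf2_sha256 the digest size is 32 bytes, so a 32 byte output is a single block and the verifier and a guesser do the same number of HMAC calls per password.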