CakePHP Auth login function

CakePHP's Auth component makes simple authentication fairly easy.  However, the project I'm working on could really use some additional data handling in the login process, so I've been trying to modify my User::login()  and User::beforeFilter() methods to inject what I need, which I think would involve a manual login attempt using Auth::login(). 

I've already set [php]$this->Auth->autoRedirect = false;[/php], which is required for anything in User::login() to be executed, but somewhere between beforeFilter() and login(), the password field in $this->data gets emptied and I haven't been able to figure out why.  I've guessed that Auth sneaks in there and erases the password field (as hinted at in a few obscure web posts), but have found no definitive answer... until I actually saw this emblazoned in yellow in that autoRedirect section:

The code present in the login function will only execute after authentication was attempted.

If I were one to pile on internet memes, this would be an appropriate placement for a facepalm.  So, any logic in User::login() is only useful for post-authentication (attempt) data handling, while User::beforeFilter() apparently must be used for pre-authentication (attempt) logic,  Furthermore, pan-authentication (attempt) logic would be unavailable unless one chooses to override Auth::login(), I guess.  (Somewhat related, these two posts describe a way to do that to Auth::identify() without hacking core.  I expect I'll be looking at them in the future at some point.)

I'm going to try to split my needed logic into pre- and post- auth chunks and see how that will work out.