1. The framework should not define your data model.
2. Many 3rd party apps depend on the existing User and other auth models.
So what do I want ? For authentication there are some common requirements:
- session/cookie management to store a user ID (or other info)
- hooks/middleware/whatever to allow me to check user credentials on each request
- safe hashing/encryption of passwords
- form processing/validation
- integration with OpenID, oAuth, LDAP etc
If a framework, or libraries, provide these then that saves a lot of time and effort, and allows me to create a tailor-made solution.
contrib.auth can be made to do most of these if you still want the ability to play nice with other people's code who expect you to use auth. You'll have to create and manage User objects which it sounds like you're unwilling to do, but you can't have it both ways.
I think having it there is better than not. In most circumstances it saves me a lot of time. If I come across a circumstance that I can't use it then I'm just back to where I would be anyways and will have to write a lot more code and modify 3rd party apps.
When I want to do something more original and specific where I don't need all those apps, Django just gets in the way - and that's when I turn to a more lightweight and flexible framework.
Use the best tool for the job. Sometimes Django is that tool. The problem I have is with companies and individuals who think it's the only tool.