Looks like 6.3(1) added the functionality for local authentication of VPN users.
Here's a blurb from the release notes:
"Local User Authentication Database for Network and VPN Access
This feature allows cut-through and VPN (using xauth) traffic to be authenticated using the PIX Firewall local username database (as an alternative in addition to the existing authenticating via an external AAA server).
The server tag variable now accepts the value LOCAL to support cut-through proxy authentication using Local Database. For example:
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 LOCAL
crypto map outside_map client authentication LOCAL
For more information on this feature, refer to "User Authentication Using the LOCAL Database" in the Cisco PIX Firewall and VPN Configuration Guide.For a complete description of the command syntax for this new command, refer to the Cisco PIX Firewall Command Reference."
Please let us know if you have tried this or if you have any other questions we can help you with.