While creating a new application on App Engine, I can choose whether to allow any standard Google Accounts to log into my application or limit the logins to one particular Google Apps domain.
I am afraid allowing Google account only login could damage an application acceptance.
Is it possible to use a simple authentication mechanisms such as Realm in Tomcat or something like similar. That it is to say, typical email / password login.
You are completely free to implement your own authentication mechanism. The one that AppEngine provides for free is tied to Google Accounts, but you can roll your own. Just be careful, as designing a really robust, safe and hack-resistant authentication scheme is extremely challenging.
I would suggest openID, and if necessary for sharing data with external systems, oauth. I think users would tend to react well to openID for authentication, as opposed to being asked to fork over their user credentials.
I would recommend dyuproject, if you're using java.