While I have no duck-strangling idea what your problem is, would it not look just as Web 2.0 if, instead of conjuring up a new layer, you directed the user to a new page which only looks like the previous one with a layer on top?
No-one would ever know, less care, if they recover their password.