What chars can REALLY be in usernames?

[P E Smee]

I posted the question in the subject field about a week ago.  Following 
is a summary of the responses I received:

		      ----------------

The general summary of responses to my 'what chars can be in Unix
usernames' is that Unix itself is not too fussy, and will probably
actually allow any printing character except : (because that is the
separator in /etc/passwd).

However, there is also a consensus that a large number of these
characters are undesireable. Some have defined meanings to various
commonly used shells or to the kernel, and so would cause various forms
of user confusion.  Others have defined meanings in standard
mail-address schemes, and so would render mail-address strings
difficult or impossible to parse.  These include @ # \ ; < > ( ) . * %
! [ ] { } ~ ! ? / ' ` " ^ $ & and maybe , .

So, at the Unix level it looks like safe characters are A-Z a-z 0-9 + -
_ =

Added restrictions imposed by other programs:

1) At least one mailserver (the one we run, wouldn't you know?) will
not deliver mail to usernames containing underlines.

2) Usernames should DEFINITELY not be all uppercase, as 'login' will
then tip you into upper-case-only mode (interestingly, except on our
Sequent, which seems not to support that mode).

3) Mixed case is a bad idea, as some mailservers (at least) try to find
an exact match for the supplied username, and then a match for the
supplied username tolower()ed, which means that if you get the
capitalisation wrong it can't be delivered.  (And, if you DO use mixed
case, you've still got to consider A equivalent to a, for example, to
avoid problems, so nothing is gained by it.)

4) All-numeric usernames would probably work, but might cause problems
with the few things which will accept either username or userid
(number) as args, so should be avoided.

5) = MIGHT cause problems owing to its use in shell 'set's.  Probably
best to miss it.

At this level, then you're left with a-z, 0-9, -, and +.

There was one report that some PACKAGES which need to know usernames
assume that usernames will be all alphabetic, lowercase only.  (RCS
particularly was mentioned, whatever that is.)  My feeling is that
packages which add restrictions which are not intrinsic to the system,
and are not required by external standards (like the chars 'reserved'
for mail address strings) are flawed, and that you've got a good case
for expecting the supplier to deliver a fix.  (Certainly done that on
VM/CMS.)  However it's a matter of personal taste whether you want to
get involved in that hassle.

Oh, and definitely 8 chars or less.

Thanks to everyone who responded.  I wasn't able to get thank-you notes
back to all of you owing to various authorisation restrictions.

-- 
 Paul Smee, Univ. of Bristol Comp. Centre, Bristol BS8 1TW (Tel +44 272 303132)
 Smee at bristol.ac.uk   :-)   (..!uunet!ukc!gdr.bath.ac.uk!exspes if you HAVE to)