I've been using user names with embedded spaces for a long time now. You're quoting RFC 1945 which has been obsoleted twice, the latest is RFC 2616, I haven't checked whether it changes the rules though. I'm not sure it matters much, because Apache does not escape anything when writing to the logs, there's no untaiting of user supplied fields such as the request URI, the Referer header or the User Agent header. It's been known for quite a while that these can fool a human reading the logs from a shell with 'cat' or 'tail', e.g. disrupting display by embedding VT control sequences in one of those fields.
Anyone thinking such a log can be parsed with regexps is in for a surprise... Recently the Apache dev list has discussed the possibility of providing a switch that would properly escape fields written to the log.
Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
Want more info? How to link or
or How to display code and escape characters
are good places to start.