diff --git a/src/XrdOuc/XrdOucUtils.cc b/src/XrdOuc/XrdOucUtils.cc
index f01c24e4087..b849edfa537 100644
--- a/src/XrdOuc/XrdOucUtils.cc
+++ b/src/XrdOuc/XrdOucUtils.cc
@@ -633,6 +633,26 @@ int XrdOucUtils::ReLink(const char *path, const char *target, mode_t mode)
    return 0;
 }
 
+/******************************************************************************/
+/*                              S a n i t i z e                               */
+/******************************************************************************/
+
+void XrdOucUtils::Sanitize(char *str, char subc)
+{
+
+// Sanitize string according to POSIX.1-2008 stanadard using only the
+// Portable Filename Character Set: a-z A-Z 0-9 ._- with 1st char not being -
+//
+   if (*str)
+      {if (*str == '-') *str = subc;
+       str++;
+       while(*str)
+            {if (!isalnum(*str) && index("_-.", *str) == 0) *str = subc;
+             str++;
+            }
+      }
+}
+
 /******************************************************************************/
 /*                              s u b L o g f n                               */
 /******************************************************************************/
diff --git a/src/XrdOuc/XrdOucUtils.hh b/src/XrdOuc/XrdOucUtils.hh
index 5fd829b3d11..429b5db0650 100644
--- a/src/XrdOuc/XrdOucUtils.hh
+++ b/src/XrdOuc/XrdOucUtils.hh
@@ -85,6 +85,8 @@ static int   makePath(char *path, mode_t mode);
 static char *parseHome(XrdSysError &eDest, XrdOucStream &Config, int &mode);
 
 static int   ReLink(const char *path, const char *target, mode_t mode=0);
+
+static void  Sanitize(char *instr, char subc='_');
  
 static char *subLogfn(XrdSysError &eDest, const char *inst, char *logfn);
 
diff --git a/src/XrdXrootd/XrdXrootdXeq.cc b/src/XrdXrootd/XrdXrootdXeq.cc
index a5e01c8ad24..a71088c2460 100644
--- a/src/XrdXrootd/XrdXrootdXeq.cc
+++ b/src/XrdXrootd/XrdXrootdXeq.cc
@@ -880,16 +880,12 @@ int XrdXrootdProtocol::do_Login()
 //
    SI->Bump(SI->LoginAT);
 
-// Unmarshall the data
+// Unmarshall the pid and construct username using the POSIX.1-2008 standard
 //
    pid = (int)ntohl(Request.login.pid);
-   for (i = 0; i < (int)sizeof(Request.login.username); i++)
-      {if (Request.login.username[i] == '\0' ||
-           Request.login.username[i] == ' ') break;
-       uname[i] = Request.login.username[i];
-       if (!isprint(uname[i])) uname[i] = '_';
-      }
-   uname[i] = '\0';
+   strncpy(uname, (const char *)Request.login.username, sizeof(uname)-2);
+   uname[sizeof(uname)-1] = 0;
+   XrdOucUtils::Sanitize(uname);
 
 // Make sure the user is not already logged in
 //