If we're going to fix this, why don't we just go ahead and do / and @ for Kerberos now rather than require another patch later?
As to i18n, AFAIK, POSIX doesn't dictate what characters are allowed in the pw_name field of the passwd struct. Depending upon the age of the source, it may or may not be limited to 8 chars.
A brief search that no one other than Sun in recent releases of Solaris seem to document just what the allowed characters are on the passwd username field, despite the fact that pwck is in quite a few OSes, mainly SysV variants. The vast majority list just restrictions. (first char needs to be a letter, don't use : are the two most common).
This likely means that the above range will break for i18n. It may be worthwhile to peruse some login code (login itself, ssh, rsh, telnet, etc,) to see how they handle it.
That said, the above range should be 'good enough' to cover a very large percentage of the cases.