The auth_register() function in inc/auth.php does a cleanID($_POST['login']), but the auth_login() function does not; this caused some user confusion because when registering with their full names as userids, the downcased registration did not match their expectations (this with letting them choose their own passwords).
[ As an aside, using cleanID() works well: in my case the ALT-Y auto-signature takes them to a wiki "home page" under a "people:" namespace with their cleaned userid, and since the wiki page names are case-insensitive the login code needs to be too. ]
For symmetry, auth_login() needs to do the downcasing too:
$sticky ? $sticky = true : $sticky = false; //sanity check
//auth_register() does cleanID(), we should too!