I am wondering if there is anything that is the opposite of require valid-user that would deny users based on user names.

I've seen denying users based on IP addresses and the problem is someone has asked for one user to be removed and it is not feasible (for this situation) to deny based on IP address.

I know I could just require valid-user and leave this person's user name off the list, but I do not know who has access to this site and cannot get a list.

Is there a way to deny a user based on their user name? If so, how would I do this?

Thanks!

I know this probably isn't what you were hoping for but this seems like a good point to build a list of people who have access. Add a custom HTTP 403 page that has instructions and/or a link to some sort of registration page so you can use it to build a list.

If you are going to deny based on a username, what if someone just mistypes and enters in a user that doesn't exist? Or uses the username of someone else?

I think you will be a lot happier in the long run because doing it the exact opposite of how most stuff is built is going to cause future headaches.