Description:
Currently there is a 32 char limitation on ReplicationPassword.
That patch will allow passwords up to 4096 chars

See patch in 'Suggested fix:'

How to repeat:
CHANGE REPLICATION SOURCE TO SOURCE_HOST='127.0.0.1', SOURCE_USER='rpl', SOURCE_PASSWORD='012345678901234567890123456789abcdefgh', SOURCE_SSL=1;

The password provided for the replication user exceeds the maximum length of 32 characters

Suggested fix:
diff --git a/mysql-test/suite/rpl_nogtid/r/rpl_change_master.result b/mysql-test/suite/rpl_nogtid/r/rpl_change_master.result
index deae3d2fc68..3539d516e34 100644
--- a/mysql-test/suite/rpl_nogtid/r/rpl_change_master.result
+++ b/mysql-test/suite/rpl_nogtid/r/rpl_change_master.result
@@ -153,20 +153,18 @@ Note	####	Storing MySQL user name or password information in the connection meta
 include/start_slave.inc
 Master_Host = '127.0.0.1'
 include/rpl_reset.inc
-include/assert.inc [Password length is 32]
+include/assert.inc [Password length is 38]
 SET SQL_LOG_BIN=0;
-CREATE USER rpl@127.0.0.1 IDENTIFIED BY '012345678901234567890123456789ab';
+CREATE USER rpl@127.0.0.1 IDENTIFIED BY '012345678901234567890123456789abcdefgh';
 GRANT REPLICATION SLAVE ON *.* TO rpl@127.0.0.1;
 SET SQL_LOG_BIN=1;
 include/stop_slave.inc
-CHANGE REPLICATION SOURCE TO SOURCE_HOST='127.0.0.1', SOURCE_USER='rpl', SOURCE_PASSWORD='012345678901234567890123456789ab', SOURCE_SSL=1;
+CHANGE REPLICATION SOURCE TO SOURCE_HOST='127.0.0.1', SOURCE_USER='rpl', SOURCE_PASSWORD='012345678901234567890123456789abcdefgh', SOURCE_SSL=1;
 Warnings:
 Note	1759	Sending passwords in plain text without SSL/TLS is extremely insecure.
 Note	1760	Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
 include/start_slave_io.inc
 include/check_slave_param.inc [Slave_IO_Running]
-CHANGE REPLICATION SOURCE TO SOURCE_HOST='127.0.0.1', SOURCE_USER='rpl', SOURCE_PASSWORD='x012345678901234567890123456789ab', SOURCE_SSL=1;
-ERROR HY000: The password provided for the replication user exceeds the maximum length of 32 characters
 SET SQL_LOG_BIN=0;
 DROP USER rpl@127.0.0.1;
 FLUSH PRIVILEGES;
diff --git a/mysql-test/suite/rpl_nogtid/t/rpl_change_master.test b/mysql-test/suite/rpl_nogtid/t/rpl_change_master.test
index bd456b3223b..b89011b7f48 100644
--- a/mysql-test/suite/rpl_nogtid/t/rpl_change_master.test
+++ b/mysql-test/suite/rpl_nogtid/t/rpl_change_master.test
@@ -73,9 +73,9 @@ eval CHANGE REPLICATION SOURCE TO SOURCE_USER='root', SOURCE_HOST='127.0.0.1', S
 # Bug #11752299 REPLICATION SLAVE TRUNCATES MASTER_PASSWORD > 32 CHARACTERS
 #
 
---let $passwd=012345678901234567890123456789ab
---let assert_cond=CHAR_LENGTH("$passwd") = 32
---let assert_text=Password length is 32
+--let $passwd=012345678901234567890123456789abcdefgh
+--let assert_cond=CHAR_LENGTH("$passwd") = 38
+--let assert_text=Password length is 38
 --source include/assert.inc
 
 connection master;
@@ -87,7 +87,7 @@ SET SQL_LOG_BIN=1;
 connection slave;
 --source include/stop_slave.inc
 
-# First, verify that 32 char maximum password works.
+# First, verify that 38 char maximum password works.
 --eval CHANGE REPLICATION SOURCE TO SOURCE_HOST='127.0.0.1', SOURCE_USER='rpl', SOURCE_PASSWORD='$passwd', SOURCE_SSL=1
 
 --source include/start_slave_io.inc
@@ -96,9 +96,7 @@ connection slave;
 --let $slave_param_value= Yes
 --source include/check_slave_param.inc
 
-# Now, prove 1 char oversized password is rejected
---error ER_CHANGE_SOURCE_PASSWORD_LENGTH
---eval CHANGE REPLICATION SOURCE TO SOURCE_HOST='127.0.0.1', SOURCE_USER='rpl', SOURCE_PASSWORD='x$passwd', SOURCE_SSL=1
+
 
 # Cleanup Bug #11752299
 
diff --git a/share/messages_to_clients.txt b/share/messages_to_clients.txt
index e010b378799..dd8290eac70 100644
--- a/share/messages_to_clients.txt
+++ b/share/messages_to_clients.txt
@@ -7325,7 +7325,7 @@ ER_GIS_DATA_WRONG_ENDIANESS
   eng "Geometry byte string must be little endian."
 
 ER_CHANGE_SOURCE_PASSWORD_LENGTH
-  eng "The password provided for the replication user exceeds the maximum length of 32 characters"
+  eng "The password provided for the replication user exceeds the maximum length of 4096 characters"
 
 ER_USER_LOCK_WRONG_NAME 42000
   eng "Incorrect user-level lock name '%-.192s'. The name is empty, NULL, or can not be expressed in the current character-set."
diff --git a/sql/sql_const.h b/sql/sql_const.h
index 259d0cb35a4..10084bc787b 100644
--- a/sql/sql_const.h
+++ b/sql/sql_const.h
@@ -129,7 +129,7 @@ constexpr const size_t MEM_ROOT_BLOCK_SIZE{8192};
 /** Default mode on new files */
 constexpr const int CREATE_MODE{0};
 
-constexpr const size_t MAX_PASSWORD_LENGTH{32};
+constexpr const size_t MAX_PASSWORD_LENGTH{4096};
 
 /**
   Stack reservation.
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 6c3dd85db23..fb6e2b83315 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -3061,7 +3061,7 @@ source_def:
         | change_replication_source_password EQ TEXT_STRING_sys_nonewline
           {
             Lex->mi.password = $3.str;
-            if (strlen($3.str) > 32)
+            if (strlen($3.str) > 4096)
             {
               my_error(ER_CHANGE_SOURCE_PASSWORD_LENGTH, MYF(0));
               MYSQL_YYABORT;
@@ -9255,7 +9255,7 @@ group_replication_password:
           {
             Lex->slave_connection.password = $3.str;
             Lex->contains_plaintext_password = true;
-            if ($3.length > 32)
+            if ($3.length > 4096)
             {
               my_error(ER_GROUP_REPLICATION_PASSWORD_LENGTH, MYF(0));
               MYSQL_YYABORT;

FEATURE Support 4k ReplicationPassword

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: 4kreplication_password.patch (application/octet-stream, text), 5.20 KiB.

Hello Nico Friedrich,

Thank you for the report and contribution.

regards,
Umesh