Description:
Both slave and master are the same version.

When setting up replication, I decided to use an arbitrarily long (50 characters) randomly-generated password for the replication user account.  

The master server accepted this password for SET PASSWORD FOR 'repl'@'hostmask' TO PASSWORD('...');  In addition, I could connect to the master with this user from the mysql commandline client using this password.

However, after performing CHANGE MASTER TO MASTER_PASSWORD='...' on the slave, the slave was unable to connect (SHOW SLAVE STATUS consistently said "Connecting to master").  Examinination of master.info showed that the slave only kept the first 32 characters of the password -- thus using the wrong password on its connection attempts.

Using a shorter (<32 character) password made everything work again.

How to repeat:
See above.

Suggested fix:
Either maintain the entire password on the slave, or fail with an error if the specified password is too long.

Thank you for the report.

Verified as described.

test case

Attachment: rpl_bug43439.test (application/octet-stream, text), 360 bytes.

This issue is still live as of v5.5.

What I find particularly disturbing is that this bug is not mentioned in the MySQL manual at all, let alone in section 15.1.1.3 (MySQL Reference Manual, version 5.5). If this bug is not going to be fixed anytime soon (it has been open for over two years now), please at least document this issue so that poor MySQL admins like myself don't waste 10+ hours of our life trying to setup a secure replication environment just to manually discover bug #43439.

Thank you in advance for your response!

I've updated http://dev.mysql.com/doc/refman/5.5/en/change-master-to.html and http://dev.mysql.com/doc/refman/5.5/en/set-password.html (and their equivalents in the other versions of the Manual) with some notes about this issue. 

Bug status unchanged.

I found this is not fixed in 5.6.16 yet.

At least, can it get to create a warning?

Patch for create a warning.

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: 43439.patch (application/octet-stream, text), 690 bytes.

Posted by developer:
 
The recommended way of fixing is an alternative of letting any lengthy password or
to error out. I would like to error out, 'cos to let is somewhat heavier. Besides it would be for granted once
we removed the FILE as slave repository type.

The contributed patch is almost good, but it offers to warn.
I am not kin to that 'cos it not more than delays inevitable error at START SLAVE.
So let's throw the error right away as originally suggested.

Hi,

Yes, you are right.
I modified my patch to error out over 32 characters and to rebase 5.6.17 with testcase.

Regards,

fix and testcase based on 5.6.17.

Attachment: bug_43439_2.patch (application/octet-stream, text), 1.63 KiB.

Fix documented in the 5.7.5 changelog, as follows:

    The maximum length that can be used for the password in a CHANGE
    MASTER TO statement is 32 characters. Previously, when a longer
    password was employed, any excess length was silently truncated
    by the server. Now when the password's length exceeds 32
    characters, CHANGE MASTER TO fails with an error.

Also updated "CHANGE MASTER TO Syntax" in the affected versions of the Manual.

Closed.      

Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html