diff --git a/mysql-test/r/connect.result b/mysql-test/r/connect.result index 32c7bdfcf12..778219f6ed9 100644 --- a/mysql-test/r/connect.result +++ b/mysql-test/r/connect.result @@ -273,8 +273,8 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET); ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES) connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET); ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO) -update mysql.user set password=authentication_string, authentication_string='' - where user like 'mysqltest_up_'; +update mysql.user set plugin='mysql_native_password' where user = 'mysqltest_up1'; +update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2'; select user, password, plugin, authentication_string from mysql.user where user like 'mysqltest_up_'; user password plugin authentication_string diff --git a/mysql-test/r/grant4.result b/mysql-test/r/grant4.result index 60617acbd1f..d96802d105c 100644 --- a/mysql-test/r/grant4.result +++ b/mysql-test/r/grant4.result 
@@ -178,3 +178,37 @@ mysqltest_db1.t1 repair status OK # Switching to connection 'default'. drop database mysqltest_db1; drop user mysqltest_u1@localhost; +create user foo1 identified by password '11111111111111111111111111111111111111111'; +create user foo2 identified by password '2222222222222222'; +create user foo3 identified via mysql_native_password using '11111111111111111111111111111111111111111'; +create user foo4 identified via mysql_old_password using '2222222222222222'; +grant select on test.* to foo5 identified by password '11111111111111111111111111111111111111111'; +grant select on test.* to foo6 identified by password '2222222222222222'; +grant select on test.* to foo7 identified via mysql_native_password using '11111111111111111111111111111111111111111'; +grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222'; +select user,password,plugin,authentication_string from mysql.user where user like 'foo%'; +user password plugin authentication_string +foo1 11111111111111111111111111111111111111111 +foo2 2222222222222222 +foo3 11111111111111111111111111111111111111111 +foo4 2222222222222222 +foo5 11111111111111111111111111111111111111111 +foo6 2222222222222222 +foo7 11111111111111111111111111111111111111111 +foo8 2222222222222222 +drop user foo1; +drop user foo2; +drop user foo3; +drop user foo4; +drop user foo5; +drop user foo6; +drop user foo7; +drop user foo8; +create user foo1 identified via mysql_native_password using '00'; +ERROR HY000: Password hash should be a 41-digit hexadecimal number +create user foo2 identified via mysql_native_password using '2222222222222222'; +ERROR HY000: Password hash should be a 41-digit hexadecimal number +create user foo3 identified via mysql_old_password using '00'; +ERROR HY000: Password hash should be a 16-digit hexadecimal number +create user foo4 identified via mysql_old_password using '11111111111111111111111111111111111111111'; +ERROR HY000: Password hash should be a 16-digit 
hexadecimal number diff --git a/mysql-test/t/connect.test b/mysql-test/t/connect.test index fca588de8e8..c4a6fb73b10 100644 --- a/mysql-test/t/connect.test +++ b/mysql-test/t/connect.test @@ -397,8 +397,8 @@ connection default; # # cannot connect when password is set and plugin=mysql_native_password # -update mysql.user set password=authentication_string, authentication_string='' - where user like 'mysqltest_up_'; +update mysql.user set plugin='mysql_native_password' where user = 'mysqltest_up1'; +update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2'; select user, password, plugin, authentication_string from mysql.user where user like 'mysqltest_up_'; flush privileges; diff --git a/mysql-test/t/grant4.test b/mysql-test/t/grant4.test index 756454237f5..36c44fe997a 100644 --- a/mysql-test/t/grant4.test +++ b/mysql-test/t/grant4.test 
@@ -201,3 +201,34 @@ disconnect con1; connection default; drop database mysqltest_db1; drop user mysqltest_u1@localhost; + +create user foo1 identified by password '11111111111111111111111111111111111111111'; +create user foo2 identified by password '2222222222222222'; +create user foo3 identified via mysql_native_password using '11111111111111111111111111111111111111111'; +create user foo4 identified via mysql_old_password using '2222222222222222'; + +grant select on test.* to foo5 identified by password '11111111111111111111111111111111111111111'; +grant select on test.* to foo6 identified by password '2222222222222222'; +grant select on test.* to foo7 identified via mysql_native_password using '11111111111111111111111111111111111111111'; +grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222'; + +--sorted_result +select user,password,plugin,authentication_string from mysql.user where user like 'foo%'; + +drop user foo1; +drop user foo2; +drop user foo3; +drop user foo4; +drop user foo5; +drop user foo6; +drop user foo7; +drop user foo8; + +--error ER_PASSWD_LENGTH +create user foo1 identified via mysql_native_password using '00'; +--error ER_PASSWD_LENGTH +create user foo2 identified via mysql_native_password using '2222222222222222'; +--error ER_PASSWD_LENGTH +create user foo3 identified via mysql_old_password using '00'; +--error ER_PASSWD_LENGTH +create user foo4 identified via mysql_old_password using '11111111111111111111111111111111111111111'; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 9d47b30da76..064aaa869b4 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc 
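Review bot: The four negative cases at the end of this hunk only exercise `create user ... identified via`, so the `fix_lex_user` call that the same commit adds to mysql_grant has no failing-path coverage. Adding `--error ER_PASSWD_LENGTH` followed by `grant select on test.* to foo9 identified via mysql_native_password using '00';` would cover it. The plugin name is compared case-insensitively in sql_acl.cc, so one case written as `identified via MYSQL_NATIVE_PASSWORD` would pin that behaviour. A closing `select user from mysql.user where user like 'foo%';` after the rejected statements would also confirm that no account row is left behind by a failed create or grant.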
@@ -943,6 +943,43 @@ static bool fix_user_plugin_ptr(ACL_USER *user) return false; } + +/* + transform equivalent LEX_USER values to one: + username IDENTIFIED BY PASSWORD xxx + username IDENTIFIED VIA mysql_native_password USING xxx + etc +*/ +static bool fix_lex_user(LEX_USER *user) +{ + size_t check_length= 0; + if (my_strcasecmp(system_charset_info, user->plugin.str, + native_password_plugin_name.str) == 0) + { + check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH; + } + else + if (my_strcasecmp(system_charset_info, user->plugin.str, + old_password_plugin_name.str) == 0) + { + check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; + } + + if (check_length) + { + user->password= user->auth.length ? user->auth : null_lex_str; + user->plugin= empty_lex_str; + user->auth= empty_lex_str; + if (user->password.length && user->password.length != check_length) + { + my_error(ER_PASSWD_LENGTH, MYF(0), check_length); + return true; + } + } + return false; +} + + static bool get_YN_as_bool(Field *field) { char buff[2]; @@ -6350,6 +6387,12 @@ bool mysql_grant(THD *thd, const char *db, List &list, continue; } + if (fix_lex_user(tmp_Str)) + { + result= TRUE; + continue; + } + if (copy_and_check_auth(Str, tmp_Str, thd->lex)) result= true; else @@ -9289,6 +9332,13 @@ bool mysql_create_user(THD *thd, List &list, bool handle_as_role) if (!user_name->host.str) user_name->host= host_not_specified; + if (fix_lex_user(user_name)) + { + append_user(thd, &wrong_users, user_name); + result= TRUE; + continue; + } + /* Search all in-memory structures and grant tables for a mention of the new user/role name. @@ -9296,7 +9346,6 @@ bool mysql_create_user(THD *thd, List &list, bool handle_as_role) if (handle_grant_data(tables, 0, user_name, NULL)) { append_user(thd, &wrong_users, user_name); - result= TRUE; continue; }
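Review bot: The validation in fix_lex_user compares only `user->password.length` with `check_length`, although the error it raises promises a hexadecimal number. Any string of the right length is accepted as a hash, and the grant4 fixtures themselves pass with a 41-character value that has no leading `*`. Checking the characters too would reject such values before they reach the grant table, though the fixtures would need real-looking hashes; how a malformed value is decoded at login is outside this diff. Separately, `check_length` is a `size_t` passed through varargs, so if the ER_PASSWD_LENGTH message formats it with `%d` it should be cast at the call, as in the sketch below. The header comment could also state that the function rewrites `password`, `plugin` and `auth` in place and returns true after raising the error.

```cpp
  if (check_length)
  {
    // ... unchanged: move auth into password, clear plugin and auth, length check ...
    const char *hash= user->password.str;
    size_t len= user->password.length;
    size_t pos= 0;
    bool malformed= false;
    /* the 41-character form carries a leading '*' before the hex digits */
    if (len && check_length == SCRAMBLED_PASSWORD_CHAR_LENGTH)
      malformed= hash[pos++] != '*';
    for (; !malformed && pos < len; pos++)
      malformed= !my_isxdigit(system_charset_info, hash[pos]);
    if (malformed)
    {
      my_error(ER_PASSWD_LENGTH, MYF(0), (int) check_length);
      return true;
    }
  }
```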
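Review bot: The new fix_lex_user failure branch in mysql_create_user sets `result= TRUE;`, but the last hunk removes the same assignment from the handle_grant_data failure branch directly below it, so the two error paths of this loop no longer agree. The rest of the function is outside both hunks. If its final error report is keyed on `result`, a CREATE USER naming an already existing account would be collected in `wrong_users` without the statement failing. Unless that is intended and explained in the commit message, keep `result= TRUE;` before the `continue;` in the handle_grant_data branch. The added branch also raises ER_PASSWD_LENGTH inside fix_lex_user and then marks the user as wrong, so it is worth confirming that a later generic error for `wrong_users` cannot replace the more specific one.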