It is possible that change user tries an user who has old password.

Instead of error message that doesn't say much there is more information now.

ext/mysqlnd/mysqlnd.c

@@ -1863,6 +1863,10 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
 		}
 		conn->charset = conn->greet_charset;
 		memset(&conn->upsert_status, 0, sizeof(conn->upsert_status));
+	} else if (ret == FAIL && chg_user_resp->server_asked_323_auth == TRUE) {
+		/* old authentication with new server  !*/
+		DBG_ERR(mysqlnd_old_passwd);
+		SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);	
 	}
 
 	SET_ERROR_AFF_ROWS(conn);

ext/mysqlnd/mysqlnd_wireprotocol.c

@@ -1693,6 +1693,7 @@ php_mysqlnd_chg_user_read(void *_packet, MYSQLND *conn TSRMLS_DC)
 	}
 
 	if (ERROR_MARKER == packet->field_count) {
+		packet->server_asked_323_auth = TRUE;
 		php_mysqlnd_read_error_from_line(p, packet->header.size - 1,
 										 packet->error_info.error,
 										 sizeof(packet->error_info.error),

ext/mysqlnd/mysqlnd_wireprotocol.h

@@ -245,6 +245,7 @@ typedef struct st_mysqlnd_packet_chg_user_resp {
 	uint16_t			server_capabilities;
 	/* If error packet, we use these */
 	MYSQLND_ERROR_INFO	error_info;
+	zend_bool			server_asked_323_auth;
 } MYSQLND_PACKET_CHG_USER_RESPONSE;