diff --git a/src/backend/distributed/commands/role.c b/src/backend/distributed/commands/role.c
index f61b00423..e312b57c5 100644
--- a/src/backend/distributed/commands/role.c
+++ b/src/backend/distributed/commands/role.c
@@ -354,17 +354,23 @@ ExtractEncryptedPassword(Oid roleOid)
 
 	Datum passwordDatum = heap_getattr(tuple, Anum_pg_authid_rolpassword,
 									   pgAuthIdDescription, &isNull);
-	char *passwordCstring = TextDatumGetCString(passwordDatum);
+
+	/*
+	 * In PG, an empty password is treated the same as NULL.
+	 * So we propagate NULL password to the other nodes, even if
+	 * the user supplied an empty password
+	 */
+
+	char *passwordCstring = NULL;
+	if (!isNull)
+	{
+		passwordCstring = pstrdup(TextDatumGetCString(passwordDatum));
+	}
 
 	table_close(pgAuthId, AccessShareLock);
 	ReleaseSysCache(tuple);
 
-	if (isNull)
-	{
-		return NULL;
-	}
-
-	return pstrdup(passwordCstring);
+	return passwordCstring;
 }
 
 
diff --git a/src/test/regress/expected/alter_role_propagation.out b/src/test/regress/expected/alter_role_propagation.out
index 02b798e0b..4e04f0e92 100644
--- a/src/test/regress/expected/alter_role_propagation.out
+++ b/src/test/regress/expected/alter_role_propagation.out
@@ -319,5 +319,42 @@ SELECT COUNT(*) FROM public.test_search_path;
 (1 row)
 
 ALTER USER current_user RESET search_path;
+-- test empty/null password: it is treated the same as no password
+SET password_encryption TO md5;
+CREATE ROLE new_role;
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+ worker_password | coord_password
+---------------------------------------------------------------------
+                 |
+                 |
+(2 rows)
+
+ALTER ROLE new_role PASSWORD '';
+NOTICE:  empty string is not a valid password, clearing password
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+ worker_password | coord_password
+---------------------------------------------------------------------
+                 |
+                 |
+(2 rows)
+
+ALTER ROLE new_role PASSWORD 'new_password';
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password, workers.result = pg_authid.rolpassword AS password_is_same FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+           worker_password           |           coord_password            | password_is_same
+---------------------------------------------------------------------
+ md51a28da0f1a2416525eec435bdce8cbbe | md51a28da0f1a2416525eec435bdce8cbbe | t
+ md51a28da0f1a2416525eec435bdce8cbbe | md51a28da0f1a2416525eec435bdce8cbbe | t
+(2 rows)
+
+ALTER ROLE new_role PASSWORD NULL;
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+ worker_password | coord_password
+---------------------------------------------------------------------
+                 |
+                 |
+(2 rows)
+
+RESET password_encryption;
+DROP ROLE new_role;
 DROP TABLE test_search_path;
 DROP SCHEMA alter_role, ",CitUs,.TeeN!?", test_sp CASCADE;
diff --git a/src/test/regress/sql/alter_role_propagation.sql b/src/test/regress/sql/alter_role_propagation.sql
index 627b0a1f2..40c7395c4 100644
--- a/src/test/regress/sql/alter_role_propagation.sql
+++ b/src/test/regress/sql/alter_role_propagation.sql
@@ -102,5 +102,22 @@ ALTER USER current_user SET search_path TO test_sp;
 SELECT COUNT(*) FROM public.test_search_path;
 ALTER USER current_user RESET search_path;
 
+-- test empty/null password: it is treated the same as no password
+SET password_encryption TO md5;
+
+CREATE ROLE new_role;
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+
+ALTER ROLE new_role PASSWORD '';
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+
+ALTER ROLE new_role PASSWORD 'new_password';
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password, workers.result = pg_authid.rolpassword AS password_is_same FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+
+ALTER ROLE new_role PASSWORD NULL;
+SELECT workers.result AS worker_password, pg_authid.rolpassword AS coord_password FROM run_command_on_workers($$SELECT rolpassword FROM pg_authid WHERE rolname = 'new_role'$$) workers, pg_authid WHERE pg_authid.rolname = 'new_role';
+
+RESET password_encryption;
+DROP ROLE new_role;
 DROP TABLE test_search_path;
 DROP SCHEMA alter_role, ",CitUs,.TeeN!?", test_sp CASCADE;