The correct answer is that it depends on the authentication method.
For the native password authentication the password passed can be arbitrarily long. It is hashed and the hash is stored into the table. It's treated as a binary string but can't contain binary zeroes.