--- oath-toolkit/liboath/usersfile.c.orig	2012-11-19 16:39:47.000000000 +0200
+++ oath-toolkit/liboath/usersfile.c	2012-11-23 17:03:26.000000000 +0200
@@ -121,6 +121,10 @@
 	      if (*passwd != '\0')
 		return OATH_BAD_PASSWORD;
 	    }
+	  else if (strcmp (p, "*") == 0)
+	    {
+	      /* Ignore password */
+	    }
 	  else if (strcmp (p, passwd) != 0)
 	    return OATH_BAD_PASSWORD;
 	}