fix bug with password_value fact not unsetting for multiple runs

tasks/main.yml

@@ -3,6 +3,11 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ---
+- name: Unset password_value fact
+  set_fact:
+    password_value: ""
+    special_pass: false
+
 # Handle cases in which password variable is undefined or empty
 - name: Disable password login for user unless empty password allowed for user {{ username }}
   when:
@@ -11,6 +16,14 @@
     - not allow_no_password
   ansible.builtin.set_fact:
     password_value: "*"
+    special_pass: true
+
+- name: Disable password login because given password was * for user {{ username }}
+  when:
+    - password == "*"
+  ansible.builtin.set_fact:
+    password_value: "*"
+    special_pass: true
 
 - name: Allow login without password as it is explicitely allowed for user {{ username }}
   when:
@@ -19,13 +32,14 @@
     - allow_no_password
   ansible.builtin.set_fact:
     password_value: ""
+    special_pass: true
 
 - name: Hash provided password for user {{ username }}
   when:
     # Non-empty password has been provided
     - password is defined
     # None of the special cases has been handled before
-    - password_value is not defined
+    - not special_pass
   block:
     - name: Create idempotent salt for password of {{ username }}
       set_fact: