feh. These need work, but they are a good starting point. The one to change user password doesn’t work because it doesn’t call openssl correctly. And some special characters can be expanded by your shell and munged as they get encrypted.
I ended up dumping the NetInfo passwd info to an ASCII file, editing it, and then reloading it.
nidump passwd / > passwd # extract from the database
openssl passwd # generate a hashed password
vi passwd # edit the extract you created and reload it.
niload -m passwd / < passwd
I recommend doing this with all the stuff NetInfo manages, just for sanity's sake. You can also get a complete copy of the NetInfo data with nidump -r / / > yourtextfile. Then if needed you can use niload to reinstall it. That’s actually pretty useful if you have a good backup.
I had to add myself to the admin group the same way, otherwise I was powerless to administer this machine without being on console.