I found someone had made a webpage of my original usenet post documenting the procedure for posterity!
How to clear the NVRAM password on an Onyx/Challenge
By Michael Ross and Chris Patterson (MCE)
1. Enter POD mode using the debug options as documented my Ian Mapleson at:
Note that the POD prompt will only appear on a terminal connected to the console (tty1) port - the GFX display will remain blank.
2. At the POD prompt, type 'zap'.
The PROM password is now clear, you can type 'io' to start the PROM monitor, from where you can now access the command monitor, install software, etc. etc., without a password.
3. Don't forget to disable POD mode again before rebooting!
'zap' is documented in the POD prompt help screen (type '?' for a list of POD commands), but the description is something very innocuous, like 'reinitialise environment', and gives no clue to the fact that it blows the PROM password away!
NOTE: 'zap' also blows away your entire configuration. So when you go into the PROM monitor, console is set to tty1 not GFX, your boot/root/OS devices may well be wrong - my setup was defaulting to boot dksc(0,....) when the disks were all on dksc(1,...) etc. etc.
So be sure to review and fully understand your configuration BEFORE using 'zap', if at all possible (I know, it's kinda hard since you're locked out of the command monitor).
Thanks to all who helped!