Bug 694569 adds a new command line argument to pkiremove for the password for the NSS database - specifically the database/token in which the subsystem certificate is stored. This cert is used to communicate with the security domain to remove the instance's entry and admin user from the security domain CA.

The command line option is -token_pwd=<token password>.

In the absence of this extra parameter, the script will look for the password in password.conf. If that file is unavailable, or if the required password is not present in the password.conf, then pkiremove will prompt for the password. So the order of finding the password is

command line option, password.conf, prompt

This optional command line argument is useful when the password.conf file has been removed. This needs to be updated in the CLI docs and install guide.