LP#1468422 Release notes manual pw migration comments

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>

diff --git a/docs/RELEASE_NOTES_NEXT/Administration/password-storage.lp1468422.adoc b/docs/RELEASE_NOTES_NEXT/Administration/password-storage.lp1468422.adoc
index 01b9ae3..02e6c0a 100644 (file)
--- a/docs/RELEASE_NOTES_NEXT/Administration/password-storage.lp1468422.adoc
+++ b/docs/RELEASE_NOTES_NEXT/Administration/password-storage.lp1468422.adoc
@@ -7,6 +7,24 @@ the application layer.
 All API changes are backwards compatible with existing 3rd-party
 clients.
 
+Migrating Passwords
++++++++++++++++++++
+
+Passwords are migrated for each user automatically the first time a user
+logs in under the new setup.  However, it is also possible to force
+password migration for a given user via a database function:
+
+[source,sql]
+------------------------------------------------------------
+evergreen=# SELECT actor.migrate_passwd(<USER_ID>);
+------------------------------------------------------------
+
+Using this, admins could perform manual batch updates to force all
+users to use the new, more secure passwords, regardless of when or
+whether a patron logs back into the system.  Beware that doing this
+for all users in the a large database will take a long time and
+should proably be performed in batches.
+
 open-ils.auth_internal
 ++++++++++++++++++++++
 To support the new storage mechanism, a new Evergreen service has