Have a look at the docs: https://docs.djangoproject.com/en/1.5/topics/auth/passwords/#how-django-stores-passwords
It says, "When users log in, if their passwords are stored with anything other than the preferred algorithm, Django will automatically upgrade the algorithm to the preferred one. This means that old installs of Django will get automatically more secure as users log in, and it also means that you can switch to new (and better) storage algorithms as they get invented."
So I think if you just make sure bot sha1 and PBKDF2 are in PASSWORD_HASHERS
(they are by default), it should just work. Users will still be able to log in with the old hash, and django will automatically update their password to the new.
If you don't want django to update the passwords automatically, you just have to put sha1 and the top of the PASSWORD_HASHERS
list.