Move SNMP engine discovery code to security module

This SNMP engine ID discovery procedure is spread across message
processing and security modules. This is weird!

Anyway, this change moves SNMP message rewriting, associated with
starting out SNMP discovery sequence, to security module. The
motivation is to let security module making the ultimate decision
whether or not SNMP engine discovery is required.

For example, if localized keys are committed directly to the DB,
security module may just use them without engine discovery phase.

1 files changed, 7 insertions, 1 deletions

diff --git a/pysnmp/hlapi/v3arch/auth.py b/pysnmp/hlapi/v3arch/auth.py
index c4302d52..9392664f 100644
--- a/pysnmp/hlapi/v3arch/auth.py
+++ b/pysnmp/hlapi/v3arch/auth.py
@@ -294,7 +294,9 @@ class UsmUserData(object):
     securityEngineId: :py:class:`~pysnmp.proto.rfc1902.OctetString`
         The snmpEngineID of the authoritative SNMP engine to which a
         dateRequest message is to be sent. Will be automatically
-        discovered from peer if not given.
+        discovered from peer if not given, unless localized keys
+        are used. In the latter case *securityEngineId* must be
+        specified.
 
         See :RFC:`3414#section-2.5.1` for technical explanation.
 
@@ -330,6 +332,10 @@ class UsmUserData(object):
         * :py:class:`~pysnmp.hlapi.usmKeyTypeLocalized`
 
 
+        If `~pysnmp.hlapi.usmKeyTypeLocalized` is used, peer SNMP engine ID
+        discovery mechanism can't be leveraged for key localization, so
+        *securityEngineId* must be given by local configuration.
+
     privKeyType: :py:class:`int`
         Type of `privKey` material. See :RFC:`3414#section-2.6` for
         technical explanation.