+#ifdef HAVE_PAM
+extern Bool pam_priv_init (int argc, char **argv, Bool verbose_p);
+extern void pam_try_unlock (saver_info *si, Bool verbose_p,
+ Bool (*valid_p)(const char *typed_passwd, Bool verbose_p));
+#endif
+#ifdef PASSWD_HELPER_PROGRAM
+extern Bool ext_priv_init (int argc, char **argv, Bool verbose_p);
+extern Bool ext_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+#endif
+extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p);
+extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p);
+extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+
+Bool lock_priv_init (int argc, char **argv, Bool verbose_p);
+Bool lock_init (int argc, char **argv, Bool verbose_p);
+Bool passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+
+/* The authorization methods to try, in order.
+ Note that the last one (the pwent version) is actually two auth methods,
+ since that code tries shadow passwords, and then non-shadow passwords.
+ (It's all in the same file since the APIs are randomly nearly-identical.)
+ */
+struct auth_methods methods[] = {
+# ifdef HAVE_PAM
+ { "PAM", 0, pam_priv_init, 0, pam_try_unlock,
+ False, False },
+# endif
+# ifdef HAVE_KERBEROS
+ { "Kerberos", kerberos_lock_init, 0, kerberos_passwd_valid_p, 0,
+ False, False },
+# endif
+# ifdef PASSWD_HELPER_PROGRAM
+ { "external", 0, ext_priv_init, ext_passwd_valid_p, 0,
+ False, False },
+# endif
+ { "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p, 0,
+ False, False }
+};