If you’re worried about spoofing, I kind of wonder if you are trying to use the wrong tool for the job. Depending on the environment, iptables (or syncing via hypervisor tools) is probably a much better tool.
But anyway, here’s a easy to follow explanation with examples:
http://www.articlesbase.com/programming-articles/how-to-configure-your-linux-ntp-server-1105782.html
As far as confirming operation, ntpq should (I think, working from memory here). If that’s not enough for you, break it intentionally and test.
Thanks, Darth. That’s one of the articles I’ve read. There must be some trick I’m missing. My clients will sync right up with the server...which normally would be a good thing. However, when I intentionally use bad keys, it also syncs right up. It doesn’t appear that the clients are actually trying to authenticate the NTP messages.