They are plaintext, but have to follow the correct format in the config file or in the keys file.
Did you try the Access Labs link for NTP configuration that I sent earlier?
Here is a sample of what it generates for /etc/ntp.conf using 111.222.333.444 for the NTP server:
# START FILE
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 111.222.333.444 iburst key 1
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
trustedkey 1
# Specify the key identifier to use with the ntpdc utility.
requestkey 1
# Specify the key identifier to use with the ntpq utility.
controlkey 1
# Enable writing of statistics records.
statistics clockstats cryptostats loopstats peerstats sysstats rawstats
# END FILE
The /etc/ntp/keys file contains:
1 MD5 }Vp72N9amdf-Qa6`FQ^Y
the part that looks like this: }Vp72N9amdf-Qa6`FQ^Y
should be the same as the key that your NTP server is using to authenticate the other clients on your network. I generated the key with the ntp-keygen command.
The /etc/ntp/crypto/pw file can be empty, but must exist.
1 MD5 }Vp72N9amdf-Qa6`FQ^Y
the part that looks like this: }Vp72N9amdf-Qa6`FQ^Y should be the same as the key that your NTP server is using to authenticate the other clients on your network. I generated the key with the ntp-keygen command.
Okay, so does the ntp-keygen command just spit out random ASCII text, or do you supply a plaintext word, and it spits out ASCII text representing the MD5 hash of the plaintext?