Regarding Client/Server mode, with AutoKey and the IFF scheme:
Following the instruction on
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey I have
successfully configured, generated keys, and tested a client/server
setup using AutoKey with an encrypted group key using the IFF scheme.

Q1: How it possible for a leaf client to use different groupkey and
client credential passwords, which are specified in the configuration
file (i.e. crypto pw clientpassword)?
- "clientpassword" used in creation of groupkey
- "clientpassword" also used in creation of clients host/cert files
- I'm unsuccessful in using different password for client host/cert
files and creation of groupkey by server

Q2: How can the passwords be read without specifying them in the clear
within the respecitive server/client configuration files?

Password used from ConfiguringAutoKey link:
server: serverpassword
client: clientpassword

Thanks............DanR