XDMCP is insecure when used directly, as it is unencrypted, and will send your credentials and all keystrokes and mouse actions over the network in clear text. By default XDMCP is disabled on most recent distros. Thankfully there isn’t any reason to use it!
Instead of using XDMCP, you can use X11 forwarding to run your graphical environments across SSH. Doing so also allows you to log in via smart cards, if your version of SSH has PKCS11 support.
I’ve written a script called remote-graphical-login to make this much easier. Note that this script has smartcard support built in, and may not work properly if the libraries do not exist on your system. In a future version I’ll make this configurable so that it can be used with identity files, or without an agent. Here’s the usage:
Usage: remote-graphical-login.sh [-s session] [-I cardlib] [-l username] [username@][hostname] -s kde or gnome (default) -I coolkey or activclient (default) -l Username to login with Example: remote-graphical-login.sh -s kde testuser@testhost
There may be a few bugs in the script. Let me know if you run into any.
Update (06/14/10): Fixed some issues in the script. Notably, the X launcher did exactly the opposite of what it was intended to do. If an X server was already running, it would re-use that server. The intended action was for the script to start a new X server on another display number. This is now fixed. Also, an informational message will now be shown to users when they do not specify a username or hostname, mentioning the ability to do so.