The ThinLinc Client requires a TOTP code to be usable twice - once for logging in to the ThinLinc Master and once for logging in to the ThinLinc Agent.
RFC 6238, which describes TOTP: Time-Based One-Time Password Algorithm, explicitly forbids this.
> Note that a prover may send the same OTP inside a given time-step
> window multiple times to a verifier. The verifier MUST NOT accept
> the second attempt of the OTP after the successful validation has
> been issued for the first OTP, which ensures one-time only use of an
This is not a problem for Web Access, as it does not perform multiple authentications when logging in a user.
Duplicate of bug 2545?
*** This bug has been marked as a duplicate of bug 5614 ***