The ThinLinc Client requires a TOTP code to be usable twice - once for logging in to the ThinLinc Master and once for logging in to the ThinLinc Agent. RFC 6238, which describes TOTP: Time-Based One-Time Password Algorithm, explicitly forbids this. https://tools.ietf.org/html/rfc6238 > Note that a prover may send the same OTP inside a given time-step > window multiple times to a verifier. The verifier MUST NOT accept > the second attempt of the OTP after the successful validation has > been issued for the first OTP, which ensures one-time only use of an > OTP. This is not a problem for Web Access, as it does not perform multiple authentications when logging in a user.
Duplicate of bug 2545?
*** This bug has been marked as a duplicate of bug 5614 ***