It's reasonable to expect that authentication into ThinLinc, no matter which client is used, uses the "thinlinc" PAM service that we've created. Depending on the client used, ThinLinc will use either "ssh" or "thinlinc" as PAM service.
If a system administrator wants different PAM settings for SSH and ThinLinc and turns the /etc/pam.d/thinlinc file into a copy of the /etc/pam.d/ssh file and modifies one of them, we get different settings depending on what client we're using. This is not what I would expect without rather deep knowledge into the nuances of what functionality we're borrowing from the OS rather than providing ourselves.
We have an authentication chapter in the TAG:
However it doesn't do a very good job at describing these details. It also hasn't been updated since we added Web Access so it doesn't mention at all that different services might be used for authentication at different times.