Has anyone built a Zimbra system on Linux that uses 2-factor authentication such as some type of hardware token?

I'm brand-new to Zimbra, but AFAIK, hardware tokens typically interface with PAM-level auth systems; which AFAIK zimbra doesn't do. So to do hard-token auth to zimbra, a zimlet would have to be written to interface the hard-token to the zimbra auth mechanism.

Can anyone correct my ignorance on this matter?