We're testing RSA SecurID tokens for various services that require authentication in our environment. I'm curious how (or if) SecurID would integrate with a Zimbra mail server configured to authenticate users against an Active Directory?

We can enable SecurID authentication for AD users, such that when an authentication attempt is made, the SecurID module on the AD server intercepts the call, queries the SecurID server, and sends back the response to the client.

If we were to enable this, what would happen with Zimbra? I should point out we only use IMAP, not POP3 in our environment.

Would users need to key in their SecurID passcode every time they click "Send and Receive" or "Get Mail" in their MUA or in the Zimbra web client? Or does the client only get interrogated for the password when the IMAP connection is initiated, and once established the password is no longer required / transmitted?