The client is required to enforce the MFA for local accounts in PAM.

Could you please assist us on how to setup MFA for local accounts and what are the requirements for setup?

If the MFA is not supported for the local accounts, can you share reason with us? Why this is not possible?

Unfortunately PAM doesn't have MFA functionality by itself. If MFA is needed, PAM requires an integration with an external Authentication system.

Authentication of local users in PAM doesn't use an external Authentication system, hence there is no way to have MFA for local users in the current design.

However, you should not have local users except the "super" user. And you can rename the "super" to something secret that only Administrator knows. Please refer to below KB article.

 Can we rename the Config or Super User Login Id?