That first question is a lovely one:  /etc/login.defs  vs  /etc/security/pwquality.conf
taking precedence.

I would say that I was resourceful (a gentlemanly way of saying "I cheated"), 
because I had a look at the exact response on the Red Hat Customer Portal.
However, I took my investigation a little bit further, and I walked through a couple
of scenarios, to confirm what that solution reported.  By doing so, I made a very
handsome discovery.

Okay, a direct quote from that solution on the Red Hat Customer Portal states:
"While changing the password, We can see that /etc/security/pwquality.conf 
takes precendence over /etc/login.defs".

Yeah, even if the minimum length is set to a lower value in the /etc/login/defs file,
the minimum length that's considered/enforced is the one in the
/etc/security/pwquality.conf!!!

Now, I'm not so sure that "precendence" is responsible for this, as much as "solitary"
is responsible.  What I'm saying here is that the setting in the /etc/security/pwquality.conf file is the only setting considered.  Why do I say this? 
Based on a little note in the /etc/logins.def file.  On line number 135 of the
/etc/logins.def file, the following comment appears:

              # Currently PASS_MIN_LEN is not supported

I didn't just look at this comment, and say, "Okay".  I had to examine it, and I did!!!  
Based on my examination, that comment is absolutely true!!!  For completeness, I 
examined this in a RHEL 9.4 installation - your mileage may vary

In conclusion, if I have to stick with "precedence", the setting in the
/etc/security/pwquality.conf file indeed takes precedence over the setting in the
/etc/logins.def - however, I must add, "by default"!!

Question #2:  How to resolve this error when doing ssh 

Uh oh!  Looks like the system admin accidentally (or deliberately ) put the 
nologin command, in place of the bash command - in the /etc/passwd file.
With that being the case, there will be no logging into this user account!!!

As long as /sbin/nologin, is in field 7, of the /etc/passwd file, of a user account,
you will be greeted with the message "This account is currently not available"
(or some variation thereof) when attempting to login to that account!!!

So, if you wish to log into this account, simply replace /sbin/nologin with
/bin/bash, and you can put away the headache medication

                   #  usermod  -s  /bin/bash  user_account_name

Happy login!!!!

Question #3:  How do I change the default kernel in GRUB that is loaded at startup?

Sooooooooo, you want to change the default kernel in GRUB that is loaded at startup!
Well, I "think" I can help with that.

This isn't part of the solution, but I just like to verify what's currently in place before
I start tunring knobs.  So, I'll begin by executing the following command:

#  grubby  --default-kernel

Note:  This same command will be used to verify that a new kernel has been 
configured as the kernel to be loaded at startup!

Now, we need to identify the kernel (file) that we want to have loaded at startup.
Just like we know to go into the dairy section of the grocery store to look for milk,
we know to go into the /boot/ directory to locate the kernel files to choose from.
You won't have to spend a lot of time trying to locate them, because they'll be
bunched together, with names beginning with "vmlinuz....".

Okay, after identifying the kernel that you want to have loaded at startup, execute
the following command:

#  grubby  --set-default=/boot/kernel_filename

Restart/reboot your linux system to see that this is indeed the default kernel being
loaded at startup.  Now, go to lunch!!!