Quest Authentication Services versions 3.2 to 3.3.2, by default, configured /etc/irs.conf to contain 'netgroup vas', so that if you are using netgroups no further configuration would be required.
However a ML from IBM changed some functionality surrounding irs/netgroups. We believe in a ML2 (or above) IBM changed how it performed these interactions causing the OS to leak netgroup calls from threaded processes (memory and file handles). This could lead to a segfault.
Versions of QAS 3.5 and above have stopped configuring /etc/irs.conf by default which effectivly resolves the issue. The netgroup vas entry in /etc/irs.conf is only required if you are using QAS netgroups through NSS (ie. you have set netgroup-mode = NSS in the /etc/opt/quest/vas/vas.conf).
Remove the configuration manually or run the following:
# /opt/quest/bin/vastool unconfigure irs netgroup