It turns out to be a wget call (made by apache) that causes the pcscd log entries.
My site collects information from many places and only one of them enforces https instead of http and that seems to trigger the pcscd log entries. If I try one of the sites that accepts both http and https, only the https one will generate the log entries.
# tail -f /var/log/messages | grep pcscd &
# inotifywait -m /usr/lib64/libpcsclite.so.1.0.0 &
Setting up watches.
# sudo -u apache wget -qO/dev/null http://masalakitchen.se/lindholmen/lunchmeny/ ; echo $?
# sudo -u apache wget -qO/dev/null https://masalakitchen.se/lindholmen/lunchmeny/ ; echo $?
2017-10-10T16:49:40+02:00 ninja pcscd: 83431667 auth.c:137:IsClientAuthorized() Process 20791 (user: 48) is NOT authorized for action: access_pcsc
2017-10-10T16:49:40+02:00 ninja pcscd: 00000231 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
All users but root seems to trigger this but the returned data is ok for all of them. So, it's got nothing to do with apache but instead it's wget that's doing something funny whenever https is involved.
curl does not trigger these log entries. What is wget trying to do and why? Any ideas?