Many thanks to Marko and David for your reply. It really helped.
Now I am playing with extension auth_delay, which uses
ClientAuthentication_hook. But I find it not easy to distinguish the first
connection of psql from the second one with empty password, since the
variable 'status' are both STATUS_EOF. Maybe I should dive into the code
deeper.
Regards,