When zabbix has been set to use HTTP auth if any modifications are made to user in users.php zabbix resets the password in database for that user to 'zabbix'. This is very annoying when using http auth and mod_auth_mysql with zabbix database. The reason for this seems to be this part in users.php:

if(($config['authentication_type'] != ZBX_AUTH_INTERNAL) && zbx_empty($_REQUEST['password1'])){
if(($config['authentication_type'] == ZBX_AUTH_LDAP) && isset($_REQUEST['userid'])){
if(GROUP_GUI_ACCESS_INTERNAL != get_user_auth($_REQUEST['userid']))

{ // $_REQUEST['password1'] = $_REQUEST['password2'] = 'zabbix'; }

}
else

{ $_REQUEST['password1'] = $_REQUEST['password2'] = 'zabbix'; }

Commenting out the else{} removes changing of password and issue is solved.

As a side note would be nice if password could be changed even when using other than internal authentication. This can be done with replacing the following line in include/forms.php
if(ZBX_AUTH_INTERNAL == $auth_type){
with
if(ZBX_AUTH_INTERNAL == $auth_type || ZBX_AUTH_HTTP == $auth_type){