diff --git a/rust/src/kerberos.rs b/rust/src/kerberos.rs
index 8d5d13c501..ff1370e1f2 100644
--- a/rust/src/kerberos.rs
+++ b/rust/src/kerberos.rs
@@ -19,15 +19,36 @@ use kerberos_parser::krb5_parser::parse_ap_req;
 use kerberos_parser::krb5::{ApReq,Realm,PrincipalName};
 use nom;
 use nom::IResult;
-use nom::error::ErrorKind;
+use nom::error::{ErrorKind, ParseError};
 use nom::number::complete::le_u16;
 use der_parser;
+use der_parser::error::BerError;
 use der_parser::der::parse_der_oid;
 
 use crate::log::*;
 
-pub const SECBLOB_NOT_SPNEGO :  u32 = 128;
-pub const SECBLOB_KRB_FMT_ERR : u32 = 129;
+#[derive(Debug)]
+pub enum SecBlobError {
+    NotSpNego,
+    KrbFmtError,
+    Ber(BerError),
+    NomError(ErrorKind),
+}
+
+impl From<BerError> for SecBlobError {
+    fn from(error: BerError) -> Self {
+        SecBlobError::Ber(error)
+    }
+}
+
+impl<I> ParseError<I> for SecBlobError {
+    fn from_error_kind(_input: I, kind: ErrorKind) -> Self {
+        SecBlobError::NomError(kind)
+    }
+    fn append(_input: I, kind: ErrorKind, _other: Self) -> Self {
+        SecBlobError::NomError(kind)
+    }
+}
 
 #[derive(Debug,PartialEq)]
 pub struct Kerberos5Ticket {
@@ -35,11 +56,11 @@ pub struct Kerberos5Ticket {
     pub sname: PrincipalName,
 }
 
-fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq>
+fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq, SecBlobError>
 {
-    let (_,b) = der_parser::parse_der(blob)?;
+    let (_,b) = der_parser::parse_der(blob).map_err(|e| nom::Err::convert(e))?;
     let blob = b.as_slice().or(
-        Err(nom::Err::Error(error_position!(blob, ErrorKind::Custom(SECBLOB_KRB_FMT_ERR))))
+        Err(nom::Err::Error(SecBlobError::KrbFmtError))
     )?;
     do_parse!(
         blob,
@@ -52,9 +73,10 @@ fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq>
             ap_req
         })
     )
+    .map_err(|e| nom::Err::convert(e))
 }
 
-pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket>
+pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket, SecBlobError>
 {
     let (rem, req) = parse_kerberos5_request_do(blob)?;
     let t = Kerberos5Ticket {
diff --git a/rust/src/nfs/nfs4.rs b/rust/src/nfs/nfs4.rs
index 7aa1d500d7..cfc9b4697e 100644
--- a/rust/src/nfs/nfs4.rs
+++ b/rust/src/nfs/nfs4.rs
@@ -29,12 +29,12 @@ use crate::nfs::rpc_records::*;
 use crate::nfs::nfs_records::*;
 use crate::nfs::nfs4_records::*;
 
-use crate::kerberos;
+use crate::kerberos::{parse_kerberos5_request, Kerberos5Ticket, SecBlobError};
 
-named!(parse_req_gssapi<kerberos::Kerberos5Ticket>,
+named!(parse_req_gssapi<&[u8], Kerberos5Ticket, SecBlobError>,
    do_parse!(
         len: be_u32
-    >>  ap: flat_map!(take!(len), call!(kerberos::parse_kerberos5_request))
+    >>  ap: flat_map!(take!(len), parse_kerberos5_request)
     >> ( ap )
 ));
 
diff --git a/rust/src/smb/auth.rs b/rust/src/smb/auth.rs
index 69729ec3de..5b245d9332 100644
--- a/rust/src/smb/auth.rs
+++ b/rust/src/smb/auth.rs
@@ -23,25 +23,24 @@ use crate::smb::smb::*;
 
 use nom;
 use nom::IResult;
-use nom::error::ErrorKind;
 use der_parser::ber::BerObjectContent;
 use der_parser::der::{parse_der_oid, parse_der_sequence};
 
-fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]>
+fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 {
-    let (rem, base_o) = der_parser::parse_der(blob)?;
+    let (rem, base_o) = der_parser::parse_der(blob).map_err(|e| nom::Err::convert(e))?;
     SCLogDebug!("parse_secblob_get_spnego: base_o {:?}", base_o);
     let d = match base_o.content.as_slice() {
-        Err(_) => { return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO)))); },
+        Err(_) => { return Err(nom::Err::Error(SecBlobError::NotSpNego)); },
         Ok(d) => d,
     };
-    let (next, o) = parse_der_oid(d)?;
+    let (next, o) = parse_der_oid(d).map_err(|e| nom::Err::convert(e))?;
     SCLogDebug!("parse_secblob_get_spnego: sub_o {:?}", o);
 
     let oid = match o.content.as_oid() {
         Ok(oid) => oid,
         Err(_) => {
-            return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO))));
+            return Err(nom::Err::Error(SecBlobError::NotSpNego));
         },
     };
     SCLogDebug!("oid {}", oid.to_string());
@@ -51,7 +50,7 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]>
             SCLogDebug!("SPNEGO {}", oid);
         },
         _ => {
-            return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO))));
+            return Err(nom::Err::Error(SecBlobError::NotSpNego));
         },
     }
 
@@ -60,16 +59,16 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]>
     Ok((rem, next))
 }
 
-fn parse_secblob_spnego_start(blob: &[u8]) -> IResult<&[u8], &[u8]>
+fn parse_secblob_spnego_start(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 {
-    let (rem, o) = der_parser::parse_der(blob)?;
+    let (rem, o) = der_parser::parse_der(blob).map_err(|e| nom::Err::convert(e))?;
     let d = match o.content.as_slice() {
         Ok(d) => {
             SCLogDebug!("d: next data len {}",d.len());
             d
         },
         _ => {
-            return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO))));
+            return Err(nom::Err::Error(SecBlobError::NotSpNego));
         },
     };
     Ok((rem, d))