It does not, but.. it depends on the configuration.
Most of the cases the *Security Context* is just passed from old SGSN to new MME/SGSN, so there is no authentication needed.
Although, by config change in SGSN and/or MME you can prevent this from happening.
Personally I have faced this problem year ago when working for one of the OpCos in Europe where we were forced to force UEs to re-auth. This increased the signaling towards the HSS but this was less priority back then, as this was the stabilization period. Without forcing UE to re-auth the IRIS solution from Tektronix could not grab keys from security context to decode the traffic on the radio side, which made traces useless (because not decoded) when TAU happened.