WCF - Why netTCPBinding works fine with Kerberos authentication without any SPN setting?
In one of our networks we are utilizing the netTCPBinding. The WCF service is hosted in a Windows service that runs as a domain account.
From the event viewer I can see that my WCF service uses Kerberos authentication. Everything works seamlessly "out-of-the-box" with simple default configuration, without an <identity> element in the configuration file and without any SPN setting for the machine like:
setspn -a WcfServiceName//Server domainAccount
But from the multiple online references I concluded that an SPN setting is necessary. It's not clear why in my case it works without those settings.
Looking forward to an explanation from WCF-Security experts.
Per the WCF Security Guidance:
netTcpBinding: Specifies a secure, reliable, optimized binding suitable for cross-machine communication. By default, it generates a runtime communication stack with transport security and Windows authentication as default security settings. It uses TCP protocol for message delivery, and binary message encoding.
In essence, it's secure by default; callers must provide Windows creds for authentication.